authorEduardo Chappa <chappa@washington.edu>2016-09-03 18:44:40 -0600
committerEduardo Chappa <chappa@washington.edu>2016-09-03 18:44:40 -0600
commitbe296fed0db493bd09c0ffd4ee67e8687eb69c1d (patch)
treeaa64a53975e17167c11209cb2fdaeb3addbc2c60 /pith
parent7663f0dd87d15a7b53b81aecef8aaf5efd100d3f (diff)
downloadalpine-be296fed0db493bd09c0ffd4ee67e8687eb69c1d.tar.xz
* Alpine does not build with openssl 1.1.0, so this update fixes that.
Users have the option to build with older versions of OpenSSL or with version 1.1.0. The current code is transitional and it is intended that we will move Alpine to build exclusively with version 1.1.0 or above in the future. This update also recognizes if we are using LibreSSL. It was tested with version 2.4.2.
Diffstat (limited to 'pith')
-rw-r--r--pith/pine.hlp2
-rw-r--r--pith/smime.c8
-rw-r--r--pith/smkeys.c39
-rw-r--r--pith/smkeys.h13
4 files changed, 39 insertions, 23 deletions
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 5ee5e72c..6559f9d6 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
reasonable place to be called from.
Dummy change to get revision in pine.hlp
============= h_revision =================
-Alpine Commit 166 2016-08-29 20:39:48
+Alpine Commit 167 2016-09-03 18:44:36
============= h_news =================
<HTML>
<HEAD>
diff --git a/pith/smime.c b/pith/smime.c
index 9629f743..389ce012 100644
--- a/pith/smime.c
+++ b/pith/smime.c
@@ -1238,8 +1238,12 @@ smime_init(void)
s_cert_store = get_ca_store();
setup_certs_backup_by_type(CACert);
+#ifdef OPENSSL_1_1_0
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS|OPENSSL_INIT_ADD_ALL_DIGESTS|OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#else
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
+#endif /* OPENSSL_1_1_0 */
app_RAND_load_file(NULL);
openssl_extra_randomness();
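Review bot: The result of the added `OPENSSL_init_crypto(...)` call is discarded, although it returns 0 when initialisation fails. If that happens, the rest of smime_init presumably continues with no ciphers, digests or error strings registered, and the failure only shows up later as an unexplained S/MIME error. Test the result, e.g. `if(!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS|OPENSSL_INIT_ADD_ALL_DIGESTS|OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL))`, and bail out or report it in whatever way the function already handles setup errors. smime_init begins and ends outside this hunk, so the right error path cannot be chosen from here.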
@@ -3142,8 +3146,8 @@ find_certificate_matching_recip_info(PKCS7_RECIP_INFO *ri)
mine = x->cert;
- if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,mine->cert_info->issuer) &&
- !ASN1_INTEGER_cmp(ri->issuer_and_serial->serial,mine->cert_info->serialNumber)){
+ if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,X509_get_issuer_name(mine)) &&
+ !ASN1_INTEGER_cmp(ri->issuer_and_serial->serial,X509_get_serialNumber(mine))){
break;
}
}
diff --git a/pith/smkeys.c b/pith/smkeys.c
index ce58ed41..8666d53b 100644
--- a/pith/smkeys.c
+++ b/pith/smkeys.c
@@ -62,11 +62,9 @@ smime_X509_to_cert_info(X509 *x, char *name)
memset((void *)cert, 0, sizeof(CertList));
cert->x509_cert = x;
cert->name = name ? cpystr(name) : NULL;
- if(x && x->cert_info){
- cert->data.date_from = smime_get_date(x->cert_info->validity->notBefore);
- cert->data.date_to = smime_get_date(x->cert_info->validity->notAfter);
- cert->cn = smime_get_cn(x->cert_info->subject);
- }
+ cert->data.date_from = smime_get_date(X509_get0_notBefore(x));
+ cert->data.date_to = smime_get_date(X509_get0_notAfter(x));
+ cert->cn = smime_get_cn(x);
get_fingerprint(x, EVP_md5(), buf, sizeof(buf), NULL);
cert->data.md5 = cpystr(buf);
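Review bot: Dropping the `if(x && x->cert_info)` guard lets a NULL `x` reach `X509_get0_notBefore(x)`, `X509_get0_notAfter(x)` and `smime_get_cn(x)` unconditionally. On the pre-1.1.0 path the fallback macros added in smkeys.h tolerate NULL, but the OpenSSL 1.1.0 accessors and the `X509_get_subject_name()` call inside `smime_get_cn` dereference the pointer. The two build configurations therefore behave differently for a certificate that failed to load. Keeping a plain `if(x){` around the three assignments preserves the old tolerance. The following `get_fingerprint(x, ...)` call was already unguarded and its body is not on this page, so it may need the same check. smime_X509_to_cert_info starts and ends outside this hunk.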
@@ -222,7 +220,7 @@ setup_certs_backup_by_type(WhichCerts ctype)
case CACert:
if((in = BIO_new_file(buf2, "r"))!=0){
x = PEM_read_bio_X509(in, NULL, NULL, NULL);
- if(x && x->cert_info){ /* for now copy this information */
+ if(x){ /* for now copy this information */
cert = smime_X509_to_cert_info(x, df->d_name);
/* we will use the cert->data.md5 variable to find a backup
certificate, not the name */
@@ -261,14 +259,20 @@ setup_certs_backup_by_type(WhichCerts ctype)
}
char *
-smime_get_cn(X509_NAME *subject)
+smime_get_cn(X509 *x)
{
- char buf[256];
X509_NAME_ENTRY *e;
- e = X509_NAME_get_entry(subject, X509_NAME_entry_count(subject)-1);
- if(e)
- X509_NAME_get_text_by_OBJ(subject, e->object, buf, sizeof(buf));
- return cpystr(buf);
+ X509_NAME *subject;
+ char buf[256];
+ char *rv = NULL;
+
+ subject = X509_get_subject_name(x);
+ if((e = X509_NAME_get_entry(subject, X509_NAME_entry_count(subject)-1)) != NULL){
+ X509_NAME_get_text_by_OBJ(subject, X509_NAME_ENTRY_get_object(e), buf, sizeof(buf));
+ rv = cpystr(buf);
+ }
+
+ return rv;
}
int
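Review bot: In the new `smime_get_cn`, the return value of `X509_NAME_get_text_by_OBJ()` is not checked, so on failure `buf` is still uninitialised when `cpystr(buf)` copies it. That copy then reads stack memory up to whatever NUL byte happens to follow. Guard it: `if(X509_NAME_get_text_by_OBJ(subject, X509_NAME_ENTRY_get_object(e), buf, sizeof(buf)) >= 0) rv = cpystr(buf);`. The function can also now return NULL where it previously always returned an allocated string. Both callers in this diff store the result in `cert->cn`, so code that prints or compares `cert->cn` presumably has to accept NULL. A one-line comment saying that the last subject entry is used as the name, and that it need not be a commonName, would also help.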
@@ -395,7 +399,7 @@ emailstrclean(char *string)
char *
-smime_get_date(ASN1_GENERALIZEDTIME *tm)
+smime_get_date(const ASN1_TIME *tm)
{
BIO *mb = BIO_new(BIO_s_mem());
char iobuf[4096];
@@ -476,13 +480,12 @@ add_certs_in_dir(X509_LOOKUP *lookup, char *path, char *ext, CertList **cdata)
cert->name = cpystr(d->d_name);
/* read buf into a bio and fill the CertData structure */
if((in = BIO_new_file(buf, "r"))!=0){
- x = PEM_read_bio_X509(in, NULL, NULL, NULL);
- if(x && x->cert_info){
- cert->data.date_from = smime_get_date(x->cert_info->validity->notBefore);
- cert->data.date_to = smime_get_date(x->cert_info->validity->notAfter);
+ if((x = PEM_read_bio_X509(in, NULL, NULL, NULL)) != NULL){
+ cert->data.date_from = smime_get_date(X509_get0_notBefore(x));
+ cert->data.date_to = smime_get_date(X509_get0_notAfter(x));
get_fingerprint(x, EVP_md5(), buf, sizeof(buf), NULL);
cert->data.md5 = cpystr(buf);
- cert->cn = smime_get_cn(x->cert_info->subject);
+ cert->cn = smime_get_cn(x);
X509_free(x);
}
BIO_free(in);
diff --git a/pith/smkeys.h b/pith/smkeys.h
index 8c23d905..0d3570bc 100644
--- a/pith/smkeys.h
+++ b/pith/smkeys.h
@@ -29,7 +29,16 @@
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/bio.h>
+#include <openssl/safestack.h>
+#ifndef OPENSSL_1_1_0
+#define X509_get0_notBefore(x) ((x) && (x)->cert_info \
+ ? (x)->cert_info->validity->notBefore \
+ : NULL)
+#define X509_get0_notAfter(x) ((x) && (x)->cert_info \
+ ? (x)->cert_info->validity->notAfter \
+ : NULL)
+#endif /* OPENSSL_1_1_0 */
#define EMAILADDRLEADER "emailAddress="
#define CACERTSTORELEADER "cacert="
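Review bot: The fallback `X509_get0_notBefore`/`X509_get0_notAfter` macros yield NULL for a NULL certificate or missing `cert_info`, and the callers in smkeys.c pass that result straight to `smime_get_date()`. Only the first lines of `smime_get_date` appear in this diff, so whether it accepts a NULL `tm` cannot be confirmed here and is worth checking. The macros also differ from the OpenSSL 1.1.0 functions of the same name, which do not accept NULL. I would record that above the block, e.g. `/* compat for OpenSSL < 1.1.0 and LibreSSL: unlike the 1.1.0 accessors these return NULL for a NULL cert; callers must check */`. Note as well that each macro evaluates `x` more than once, so arguments with side effects should be avoided.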
@@ -64,10 +73,10 @@ void free_personal_certs(PERSONAL_CERT **pc);
void get_fingerprint(X509 *cert, const EVP_MD *type, char *buf, size_t maxLen, char *s);
int certlist_to_file(char *filename, CertList *certlist);
int load_cert_for_key(char *pathdir, EVP_PKEY *pkey, char **certfile, X509 **pcert);
-char *smime_get_date(ASN1_GENERALIZEDTIME *tm);
+char *smime_get_date(const ASN1_TIME *tm);
void resort_certificates(CertList **data, WhichCerts ctype);
int setup_certs_backup_by_type(WhichCerts ctype);
-char *smime_get_cn(X509_NAME *);
+char *smime_get_cn(X509 *);
CertList *smime_X509_to_cert_info(X509 *, char *);