Fix wpa_supplicant build with newer BoringSSL
Like OpenSSL, reaching into BoringSSL's internal structs is not
supported and we're enforcing this by hiding the structs. This matches
the corresponding changes in OpenSSL 1.1.x.
It looks like wpa_supplicant has some custom BoringSSL-only
reimplementation of OCSP. Fix that to use public APIs. Note this change
does not audit the file for correctness, only fixes compile errors. The
change does the following:
1. Switch ASN1_STRING_data to ASN1_STRING_get0_data. This is not
strictly necessary, but uses the slightly more const-correct API.
2. Heap-allocate X509_STORE_CTX. Matching OpenSSL 1.1.x, the type is now
opaque and must use the new/free functions.
3. Don't reach into internal ex_flags and ex_xkusage fields. The old
wpa_supplicant was relying on X509_check_purpose filling in the
internal cached fields as a side effect. Instead, use the public API,
which does not need the side effect.
This file should be rewritten with CBS/CBB, or removed altogether, but
for now just fix the build.
Test: mm
Change-Id: I27d7b79e333260f27b75dda6caef0c25dd838c6b
1 file changed