acme-client: stop reaching into X509
authortb <tb@openbsd.org>
Wed, 13 Oct 2021 18:09:42 +0000 (18:09 +0000)
committertb <tb@openbsd.org>
Wed, 13 Oct 2021 18:09:42 +0000 (18:09 +0000)
Prepare for an upcoming change in libcrypto and retrieve the stack
of extensions via X509_get0_extensions(). Simplify the for loop by
relying on the fact that empty or NULL stacks have an sk_num() of 0
and -1, respectively, so the loop won't be entered and the extsz
dance is unnecessary.

ok florian

usr.sbin/acme-client/revokeproc.c

index e3cab0c..9280b2c 100644 (file)
@@ -1,4 +1,4 @@
-/*     $Id: revokeproc.c,v 1.17 2021/01/02 19:04:21 sthen Exp $ */
+/*     $Id: revokeproc.c,v 1.18 2021/10/13 18:09:42 tb Exp $ */
 /*
  * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -94,19 +94,20 @@ int
 revokeproc(int fd, const char *certfile, int force,
     int revocate, const char *const *alts, size_t altsz)
 {
-       char            *der = NULL, *dercp, *der64 = NULL;
-       char            *san = NULL, *str, *tok;
-       int              rc = 0, cc, i, extsz, ssz, len;
-       size_t          *found = NULL;
-       BIO             *bio = NULL;
-       FILE            *f = NULL;
-       X509            *x = NULL;
-       long             lval;
-       enum revokeop    op, rop;
-       time_t           t;
-       X509_EXTENSION  *ex;
-       ASN1_OBJECT     *obj;
-       size_t           j;
+       char                            *der = NULL, *dercp, *der64 = NULL;
+       char                            *san = NULL, *str, *tok;
+       int                              rc = 0, cc, i, ssz, len;
+       size_t                          *found = NULL;
+       BIO                             *bio = NULL;
+       FILE                            *f = NULL;
+       X509                            *x = NULL;
+       long                             lval;
+       enum revokeop                    op, rop;
+       time_t                           t;
+       const STACK_OF(X509_EXTENSION)  *exts;
+       X509_EXTENSION                  *ex;
+       ASN1_OBJECT                     *obj;
+       size_t                           j;
 
        /*
         * First try to open the certificate before we drop privileges
@@ -164,13 +165,12 @@ revokeproc(int fd, const char *certfile, int force,
         * command line.
         */
 
-       extsz = x->cert_info->extensions != NULL ?
-               sk_X509_EXTENSION_num(x->cert_info->extensions) : 0;
+       exts = X509_get0_extensions(x);
 
        /* Scan til we find the SAN NID. */
 
-       for (i = 0; i < extsz; i++) {
-               ex = sk_X509_EXTENSION_value(x->cert_info->extensions, i);
+       for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+               ex = sk_X509_EXTENSION_value(exts, i);
                assert(ex != NULL);
                obj = X509_EXTENSION_get_object(ex);
                assert(obj != NULL);
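Review bot: The new loop condition `i < sk_X509_EXTENSION_num(exts)` is now the only guard keeping a NULL `exts` (a certificate with no extensions) away from `sk_X509_EXTENSION_value()`, and that reliance is explained only in the commit message, not in the code. Since the removed `extsz` ternary made the NULL case explicit, I would add a comment above the loop such as `/* exts is NULL when the cert has no extensions; sk_X509_EXTENSION_num(NULL) returns -1, so the loop is skipped. */`. The body of revokeproc continues past this hunk, so it is not visible here whether a certificate without a SAN ends in an explicit error path after the loop; that is worth confirming, because `san` then stays NULL.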