X509Certificate: Get rid of deprecated OpenSSL 1.1 APIs

Added a missing implicit header and added compatibility macros.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

Crypto/src/X509Certificate.cpp

@@ -27,7 +27,13 @@
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+#include <openssl/bn.h>
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define ASN1_STRING_get0_data ASN1_STRING_data
+#define X509_get0_notBefore X509_get_notBefore
+#define X509_get0_notAfter X509_get_notAfter
+#endif
 
 namespace Poco {
 namespace Crypto {
@@ -255,7 +261,7 @@ void X509Certificate::extractNames(std::string& cmnName, std::set<std::string>&
 			const GENERAL_NAME* name = sk_GENERAL_NAME_value(names, i);
 			if (name->type == GEN_DNS)
 			{
-				const char* data = reinterpret_cast<char*>(ASN1_STRING_data(name->d.ia5));
+				const char* data = reinterpret_cast<char*>(ASN1_STRING_get0_data(name->d.ia5));
 				std::size_t len = ASN1_STRING_length(name->d.ia5);
 				domainNames.insert(std::string(data, len));
 			}
@@ -273,7 +279,7 @@ void X509Certificate::extractNames(std::string& cmnName, std::set<std::string>&
 
 Poco::DateTime X509Certificate::validFrom() const
 {
-	ASN1_TIME* certTime = X509_get_notBefore(_pCert);
+	const ASN1_TIME* certTime = X509_get0_notBefore(_pCert);
 	std::string dateTime(reinterpret_cast<char*>(certTime->data));
 	int tzd;
 	return DateTimeParser::parse("%y%m%d%H%M%S", dateTime, tzd);
@@ -282,7 +288,7 @@ Poco::DateTime X509Certificate::validFrom() const
 	
 Poco::DateTime X509Certificate::expiresOn() const
 {
-	ASN1_TIME* certTime = X509_get_notAfter(_pCert);
+	const ASN1_TIME* certTime = X509_get0_notAfter(_pCert);
 	std::string dateTime(reinterpret_cast<char*>(certTime->data));
 	int tzd;
 	return DateTimeParser::parse("%y%m%d%H%M%S", dateTime, tzd);