diff -up bro-1.5.1/src/ssl-analyzer.pac.openssl bro-1.5.1/src/ssl-analyzer.pac --- bro-1.5.1/src/ssl-analyzer.pac.openssl 2008-10-13 00:01:26.000000000 +0200 +++ bro-1.5.1/src/ssl-analyzer.pac 2010-09-08 13:36:04.179260819 +0200 @@ -382,7 +382,7 @@ refine analyzer SSLAnalyzer += { STACK_OF(X509)* untrusted_certs = 0; if ( certificates->size() > 1 ) { - untrusted_certs = sk_new_null(); + untrusted_certs = sk_X509_new_null(); if ( ! untrusted_certs ) { // X509_V_ERR_OUT_OF_MEM; @@ -405,7 +405,7 @@ refine analyzer SSLAnalyzer += { return false; } - sk_push(untrusted_certs, (char*) pTemp); + sk_X509_push(untrusted_certs, pTemp); } } @@ -417,7 +417,7 @@ refine analyzer SSLAnalyzer += { certificate_error(csc.error); X509_STORE_CTX_cleanup(&csc); - sk_pop_free(untrusted_certs, free_X509); + sk_X509_pop_free(untrusted_certs, X509_free); } X509_free(pCert); diff -up bro-1.5.1/src/X509.cc.openssl bro-1.5.1/src/X509.cc --- bro-1.5.1/src/X509.cc.openssl 2009-06-29 23:43:50.000000000 +0200 +++ bro-1.5.1/src/X509.cc 2010-09-08 13:36:04.180250612 +0200 @@ -192,7 +192,7 @@ int X509_Cert::verifyChain(Contents_SSL* // but in chain format). // Init the stack. - STACK_OF(X509)* untrustedCerts = sk_new_null(); + STACK_OF(X509)* untrustedCerts = sk_X509_new_null(); if ( ! untrustedCerts ) { // Internal error allocating stack of untrusted certs. @@ -233,7 +233,7 @@ int X509_Cert::verifyChain(Contents_SSL* else // The remaining certificates (if any) are put into // the list of untrusted certificates - sk_push(untrustedCerts, (char*) pTemp); + sk_X509_push(untrustedCerts, pTemp); tempLength += certLength + 3; } @@ -259,7 +259,7 @@ int X509_Cert::verifyChain(Contents_SSL* // Free the stack, incuding. contents. // FIXME: could this break Bro's memory tracking? - sk_pop_free(untrustedCerts, free); + sk_X509_pop_free(untrustedCerts, X509_free); return ret; }