$OpenBSD: patch-source_helpers_pkcs7_pkcs7-openssl_c,v 1.3 2019/07/30 13:41:14 sthen Exp $

- add default_paths to STORE for checking signatures (aka /etc/ssl/cert.pem)
- avoid OpenSSL 1.1.0 methods

XXX source/helpers/pkcs7/pkcs7-openssl.c:194:39: warning: incompatible pointer types
(but should be harmless)

Index: source/helpers/pkcs7/pkcs7-openssl.c
--- source/helpers/pkcs7/pkcs7-openssl.c.orig
+++ source/helpers/pkcs7/pkcs7-openssl.c
@@ -473,6 +473,9 @@ enum pdf_signature_error pkcs7_openssl_check_certifica
 		}
 	}
 
+	/* Add default paths */
+	X509_STORE_set_default_paths(st);
+
 	res = pk7_verify_cert(st, pk7sig);
 
 exit:
@@ -521,7 +524,7 @@ static void add_from_bag(X509 **pX509, EVP_PKEY **pPke
 	{
 	case NID_keyBag:
 		{
-			const PKCS8_PRIV_KEY_INFO *p8 = PKCS12_SAFEBAG_get0_p8inf(bag);
+			const PKCS8_PRIV_KEY_INFO *p8 = bag->value.keybag;
 			pkey = EVP_PKCS82PKEY(p8);
 		}
 		break;
@@ -543,7 +546,7 @@ static void add_from_bag(X509 **pX509, EVP_PKEY **pPke
 		break;
 
 	case NID_safeContentsBag:
-		add_from_bags(pX509, pPkey, PKCS12_SAFEBAG_get0_safes(bag), pw);
+		add_from_bags(pX509, pPkey, bag->value.safes, pw);
 		break;
 	}
 
