$OpenBSD: patch-source_helpers_pkcs7_pkcs7-openssl_c,v 1.5 2021/11/13 17:23:38 sthen Exp $

- add default_paths to STORE for checking signatures (aka /etc/ssl/cert.pem)
- avoid OpenSSL 1.1.0 methods

XXX source/helpers/pkcs7/pkcs7-openssl.c:194:39: warning: incompatible pointer types
(but should be harmless)

Index: source/helpers/pkcs7/pkcs7-openssl.c
--- source/helpers/pkcs7/pkcs7-openssl.c.orig
+++ source/helpers/pkcs7/pkcs7-openssl.c
@@ -514,6 +514,9 @@ check_certificate(fz_context *ctx, pdf_pkcs7_verifier 
 		}
 	}
 
+	/* Add default paths */
+	X509_STORE_set_default_paths(st);
+
 	res = pk7_verify_cert(st, pk7sig);
 
 exit:
@@ -555,7 +558,7 @@ static void add_from_bag(X509 **pX509, EVP_PKEY **pPke
 	{
 	case NID_keyBag:
 		{
-			const PKCS8_PRIV_KEY_INFO *p8 = PKCS12_SAFEBAG_get0_p8inf(bag);
+			const PKCS8_PRIV_KEY_INFO *p8 = bag->value.keybag;
 			pkey = EVP_PKCS82PKEY(p8);
 		}
 		break;
@@ -577,7 +580,7 @@ static void add_from_bag(X509 **pX509, EVP_PKEY **pPke
 		break;
 
 	case NID_safeContentsBag:
-		add_from_bags(pX509, pPkey, PKCS12_SAFEBAG_get0_safes(bag), pw);
+		add_from_bags(pX509, pPkey, bag->value.safes, pw);
 		break;
 	}
 
