summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVincent Sanders <vince@kyllikki.org>2016-11-20 12:14:36 (GMT)
committer Vincent Sanders <vince@kyllikki.org>2016-11-20 12:15:31 (GMT)
commite8a9e3744523671228fef385ce7e1e11f93283b0 (patch)
tree9bd065f0354b815c32dd45f6f297410bad978842
parent3ab8032f1679c2a3526ccd458eb130c0d0f917bc (diff)
downloadnetsurf-e8a9e3744523671228fef385ce7e1e11f93283b0.tar.gz
netsurf-e8a9e3744523671228fef385ce7e1e11f93283b0.tar.bz2
fix openSSL 1.1.0 X509 certificate handling
-rw-r--r--content/fetchers/curl.c32
1 files changed, 23 insertions, 9 deletions
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index 66970ef..7ddf512 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -128,6 +128,26 @@ static char fetch_error_buffer[CURL_ERROR_SIZE];
static char fetch_proxy_userpwd[100];
+/* OpenSSL 1.0.x to 1.1.0 certificate reference counting changed */
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
+static int ns_X509_up_ref(X509 *cert)
+{
+ cert->references++;
+ return 1;
+}
+
+static void ns_X509_free(X509 *cert)
+{
+ cert->references--;
+ if (cert->references == 0) {
+ X509_free(cert);
+ }
+}
+#else
+#define ns_X509_up_ref X509_up_ref
+#define ns_X509_free X509_free
+#endif
+
/**
* Initialise a cURL fetcher.
*/
@@ -438,7 +458,7 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx)
*/
if (!fetch->cert_data[depth].cert) {
fetch->cert_data[depth].cert = X509_STORE_CTX_get_current_cert(x509_ctx);
- fetch->cert_data[depth].cert->references++;
+ ns_X509_up_ref(fetch->cert_data[depth].cert);
fetch->cert_data[depth].err = X509_STORE_CTX_get_error(x509_ctx);
}
@@ -815,10 +835,7 @@ static void fetch_curl_free(void *vf)
}
for (i = 0; i < MAX_CERTS && f->cert_data[i].cert; i++) {
- f->cert_data[i].cert->references--;
- if (f->cert_data[i].cert->references == 0) {
- X509_free(f->cert_data[i].cert);
- }
+ ns_X509_free(f->cert_data[i].cert);
}
free(f);
@@ -986,10 +1003,7 @@ curl_start_cert_validate(struct curl_fetch_info *f,
X509_get_pubkey(certs[depth].cert));
/* and clean up */
- certs[depth].cert->references--;
- if (certs[depth].cert->references == 0) {
- X509_free(certs[depth].cert);
- }
+ ns_X509_free(certs[depth].cert);
}
msg.type = FETCH_CERT_ERR;