From e8a9e3744523671228fef385ce7e1e11f93283b0 Mon Sep 17 00:00:00 2001 From: Vincent Sanders Date: Sun, 20 Nov 2016 12:14:36 +0000 Subject: fix openSSL 1.1.0 X509 certificate handling --- content/fetchers/curl.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) (limited to 'content') diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c index 66970ef7e..7ddf5121d 100644 --- a/content/fetchers/curl.c +++ b/content/fetchers/curl.c @@ -128,6 +128,26 @@ static char fetch_error_buffer[CURL_ERROR_SIZE]; static char fetch_proxy_userpwd[100]; +/* OpenSSL 1.0.x to 1.1.0 certificate reference counting changed */ +#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) +static int ns_X509_up_ref(X509 *cert) +{ + cert->references++; + return 1; +} + +static void ns_X509_free(X509 *cert) +{ + cert->references--; + if (cert->references == 0) { + X509_free(cert); + } +} +#else +#define ns_X509_up_ref X509_up_ref +#define ns_X509_free X509_free +#endif + /** * Initialise a cURL fetcher. */ @@ -438,7 +458,7 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx) */ if (!fetch->cert_data[depth].cert) { fetch->cert_data[depth].cert = X509_STORE_CTX_get_current_cert(x509_ctx); - fetch->cert_data[depth].cert->references++; + ns_X509_up_ref(fetch->cert_data[depth].cert); fetch->cert_data[depth].err = X509_STORE_CTX_get_error(x509_ctx); } @@ -815,10 +835,7 @@ static void fetch_curl_free(void *vf) } for (i = 0; i < MAX_CERTS && f->cert_data[i].cert; i++) { - f->cert_data[i].cert->references--; - if (f->cert_data[i].cert->references == 0) { - X509_free(f->cert_data[i].cert); - } + ns_X509_free(f->cert_data[i].cert); } free(f); @@ -986,10 +1003,7 @@ curl_start_cert_validate(struct curl_fetch_info *f, X509_get_pubkey(certs[depth].cert)); /* and clean up */ - certs[depth].cert->references--; - if (certs[depth].cert->references == 0) { - X509_free(certs[depth].cert); - } + ns_X509_free(certs[depth].cert); } msg.type = FETCH_CERT_ERR; -- cgit v1.2.3