wok-next view netsurf/stuff/patches/openssl.patch @ rev 20647

Up raptor (2.0.15), ruby (2.5.0), scons(3.0.0), screen (4.6.2), sharutils (4.15.2), slang (2.3.1), swig (3.0.12), sysstat (11.6.2), talloc (2.1.11), tcl (8.6.8), tidy-html5 (5.4.0), tk (8.6.8), udisks (1.0.5), unixODBC (2.3.5), unrar (5.5.8), upower (0.99.7), usbids (20180414), usbutils (009), vala (0.38.8), valgrind (3.13.0), wayland-protocols (1.13), yajl (2.1.0); add librep, rasqal, redland, rep-gtk.
author Aleksej Bobylev <al.bobylev@gmail.com>
date Thu May 03 16:25:23 2018 +0300 (2018-05-03)
parents
children
line source
1 From e8a9e3744523671228fef385ce7e1e11f93283b0 Mon Sep 17 00:00:00 2001
2 From: Vincent Sanders <vince@kyllikki.org>
3 Date: Sun, 20 Nov 2016 12:14:36 +0000
4 Subject: fix openSSL 1.1.0 X509 certificate handling
5
6 ---
7 diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
8 index 66970ef..7ddf512 100644
9 --- a/content/fetchers/curl.c
10 +++ b/content/fetchers/curl.c
11 @@ -128,6 +128,26 @@ static char fetch_error_buffer[CURL_ERROR_SIZE];
12 static char fetch_proxy_userpwd[100];
13
14
15 +/* OpenSSL 1.0.x to 1.1.0 certificate reference counting changed */
16 +#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
17 +static int ns_X509_up_ref(X509 *cert)
18 +{
19 + cert->references++;
20 + return 1;
21 +}
22 +
23 +static void ns_X509_free(X509 *cert)
24 +{
25 + cert->references--;
26 + if (cert->references == 0) {
27 + X509_free(cert);
28 + }
29 +}
30 +#else
31 +#define ns_X509_up_ref X509_up_ref
32 +#define ns_X509_free X509_free
33 +#endif
34 +
35 /**
36 * Initialise a cURL fetcher.
37 */
38 @@ -438,7 +458,7 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx)
39 */
40 if (!fetch->cert_data[depth].cert) {
41 fetch->cert_data[depth].cert = X509_STORE_CTX_get_current_cert(x509_ctx);
42 - fetch->cert_data[depth].cert->references++;
43 + ns_X509_up_ref(fetch->cert_data[depth].cert);
44 fetch->cert_data[depth].err = X509_STORE_CTX_get_error(x509_ctx);
45 }
46
47 @@ -815,10 +835,7 @@ static void fetch_curl_free(void *vf)
48 }
49
50 for (i = 0; i < MAX_CERTS && f->cert_data[i].cert; i++) {
51 - f->cert_data[i].cert->references--;
52 - if (f->cert_data[i].cert->references == 0) {
53 - X509_free(f->cert_data[i].cert);
54 - }
55 + ns_X509_free(f->cert_data[i].cert);
56 }
57
58 free(f);
59 @@ -986,10 +1003,7 @@ curl_start_cert_validate(struct curl_fetch_info *f,
60 X509_get_pubkey(certs[depth].cert));
61
62 /* and clean up */
63 - certs[depth].cert->references--;
64 - if (certs[depth].cert->references == 0) {
65 - X509_free(certs[depth].cert);
66 - }
67 + ns_X509_free(certs[depth].cert);
68 }
69
70 msg.type = FETCH_CERT_ERR;
71 --
72 cgit v0.9.0.3-65-g4555