From: Kenjiro Nakayama
Subject: [PATCH] libressl: Add SSL_CTX_set1_cert_store
To: tech@openbsd.org
Cc: Kenjiro Nakayama
Date: Sat, 27 Jul 2024 15:24:57 +0900

As reported at https://github.com/libressl/openbsd/issues/71, currently users must increment the reference count (or call X509_STORE_up_ref()) when they use SSL_CTX_set_cert_store(). This patch adds SSL_CTX_set1_cert_store(), which updates the reference count as implied by "set1".
---
 src/lib/libssl/Symbols.list | 1 +
 src/lib/libssl/hidden/openssl/ssl.h | 1 +
 src/lib/libssl/ssl.h | 1 +
 src/lib/libssl/ssl_lib.c | 9 +++++++++
 4 files changed, 12 insertions(+)

diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index f572284..30a8e80 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -81,6 +81,7 @@ SSL_CTX_sess_set_new_cb
 SSL_CTX_sess_set_remove_cb
 SSL_CTX_sessions
 SSL_CTX_set0_chain
+SSL_CTX_set1_cert_store
 SSL_CTX_set1_chain
 SSL_CTX_set1_groups
 SSL_CTX_set1_groups_list
diff --git a/src/lib/libssl/hidden/openssl/ssl.h b/src/lib/libssl/hidden/openssl/ssl.h
index cff250e..6618ad7 100644
--- a/src/lib/libssl/hidden/openssl/ssl.h
+++ b/src/lib/libssl/hidden/openssl/ssl.h
@@ -107,6 +107,7 @@ LSSL_USED(SSL_CTX_get_cert_store);
 LSSL_USED(SSL_CTX_set_cert_store);
 LSSL_USED(SSL_CTX_get0_certificate);
 LSSL_USED(SSL_CTX_get0_privatekey);
+LSSL_USED(SSL_CTX_set1_cert_store);
 LSSL_USED(SSL_want);
 LSSL_USED(SSL_clear);
 LSSL_USED(SSL_CTX_flush_sessions);
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index d8846a4..e82dca7 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1109,6 +1109,7 @@ X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
 void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
 X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
 EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
+void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
 int SSL_want(const SSL *s);
 int SSL_clear(SSL *s);
 
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 4cf5c46..213349a 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -3423,6 +3423,15 @@ SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
 }
 LSSL_ALIAS(SSL_CTX_get0_privatekey);
 
+void
+SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
+ if (store != NULL)
+ X509_STORE_up_ref(store);
+ SSL_CTX_set_cert_store(ctx, store);
+}
+LSSL_ALIAS(SSL_CTX_set1_cert_store);
+
 int
 SSL_want(const SSL *s)
 {
-- 
2.39.3 (Apple Git-146)
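Review bot: The int status returned by `X509_STORE_up_ref(store)` is discarded in the new `SSL_CTX_set1_cert_store()`, so if taking the reference ever fails, `SSL_CTX_set_cert_store(ctx, store)` still installs the store and the context owns a reference it never acquired; the trust store could then be freed while the context still points at it once the caller drops its own reference. The function is void (presumably to match the OpenSSL prototype), so the failure cannot be reported, but the context can at least be left untouched with `if (store != NULL && !X509_STORE_up_ref(store))` followed by `return;`. A short comment above the function would also help: `/* Caller keeps its own reference and must still X509_STORE_free() it. */`, plus a note that the up_ref deliberately precedes the setter so that passing the context's current store stays safe (assuming the setter frees the previously installed store, which is not visible in this hunk). The diffstat lists only the four libssl files, so this ownership rule is not yet documented for users and no regression test covers the reference count.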