CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2021/11/05 15:39:45
Modified files:
lib/libcrypto/x509: x509_lu.c
Log message:
First pass of streamlining X509_STORE_get1_{certs,crls}()
These functions are quite messy. On top of the tricky logic querying the
cache, then refreshing the cache (unconditionally or not), then querying
again, then extracting a list of certs/crls and bumping their refcounts,
things are intermixed with locking and needlessly early allocations that
then need to be cleaned up again.
Use X509_STORE_CTX_get_obj_by_subject() to avoid using an object on the
stack and defer allocation of the returned stack of certs to later.
Flatten the logic a bit and prepare for further refactoring.
ok jsing
