CVSROOT:	/cvs
Module name:	src
Changes by:	t...@cvs.openbsd.org	2024/08/02 22:50:27

Modified files:
	lib/libssl     : ssl.h ssl_lib.c
	lib/libssl/hidden/openssl: ssl.h

Log message:
Prepare to provide SSL_CTX_set1_cert_store()

SSL_CTX_set_cert_store() should have been called SSL_CTX_set0_cert_store()
since it takes ownership of the store argument. Apparently a few people ran
into the issue of not bumping the refcount themselves, leading to use after
frees about 10 years ago. This is a quite rarely used API and there are no
misuses in the ports tree, but since someone did the work of writing a diff,
we can still add it.

Needless to say that SSL_CTX_get_cert_store() obviously has the exact same
issue and nobody seems to have thought of adding a get0 or get1 version to
match...

Fixes https://github.com/libressl/openbsd/issues/71

From Kenjiro Nakayama
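
The ownership difference described in the log message, as an added example that is not part of the commit or of libssl: a self-contained C model in which struct store, struct ctx, ctx_set0_store(), ctx_set1_store() and ctx_left_dangling() are hypothetical stand-ins for X509_STORE, SSL_CTX and the setter functions. It shows which calling patterns leave the context pointing at a freed store.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for X509_STORE and SSL_CTX: a model, not libssl code. */
struct store { int refs; };
struct ctx { struct store *cert_store; };
enum mode { SET0, SET0_WITH_UP_REF, SET1 };
static int stores_freed; /* lets the example observe a free without touching freed memory */

static struct store *store_new(void) {
    struct store *s = calloc(1, sizeof(*s));
    if (s != NULL) s->refs = 1;
    return s;
}
static void store_free(struct store *s) {
    if (s == NULL || --s->refs > 0) return;
    stores_freed++;
    free(s);
}

/* set0 semantics: the ctx takes over the reference the caller passed in. */
static void ctx_set0_store(struct ctx *c, struct store *s) {
    store_free(c->cert_store);
    c->cert_store = s;
}
/* set1 semantics: the ctx acquires its own reference; the caller keeps theirs. */
static void ctx_set1_store(struct ctx *c, struct store *s) {
    if (s != NULL) s->refs++;
    store_free(c->cert_store);
    c->cert_store = s;
}

/* Returns 1 if the ctx still points at the store after the caller's free released it. */
static int ctx_left_dangling(enum mode m) {
    struct ctx c = { NULL };
    struct store *s = store_new();
    int before = stores_freed, dangling;
    if (s == NULL) return -1;
    if (m == SET0_WITH_UP_REF) s->refs++; /* caller bumps the count itself first */
    if (m == SET1) ctx_set1_store(&c, s); else ctx_set0_store(&c, s);
    store_free(s); /* caller drops the reference it believes it still owns */
    dangling = stores_freed != before;
    if (!dangling) store_free(c.cert_store); /* normal ctx teardown */
    return dangling;
}

int main(void) {
    printf("set0=%d ", ctx_left_dangling(SET0));
    printf("set0+up_ref=%d ", ctx_left_dangling(SET0_WITH_UP_REF));
    printf("set1=%d\n", ctx_left_dangling(SET1));
    return 0;
}
```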