CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2024/08/02 22:50:27
Modified files:
lib/libssl : ssl.h ssl_lib.c
lib/libssl/hidden/openssl: ssl.h
Log message:
Prepare to provide SSL_CTX_set1_cert_store()
SSL_CTX_set_cert_store() should have been called SSL_CTX_set0_cert_store()
since it takes ownership of the store argument. Apparently a few people ran
into the issue of not bumping the refcount themselves, leading to use after
frees about 10 years ago. This is a quite rarely used API and there are no
misuses in the ports tree, but since someone did the work of writing a diff,
we can still add it.
Needless to say that SSL_CTX_get_cert_store() obviously has the exact same
issue and nobody seems to have thought of adding a get0 or get1 version to
match...
Fixes https://github.com/libressl/openbsd/issues/71
>From Kenjiro Nakayama
