aniani/irssi
1
0
Fork 0
mirror of https://github.com/irssi/irssi.git synced 2024-12-04 14:46:39 -05:00
Code

Merge pull request #751 from LemonBoy/ssl-refcnt

Browse Source 
Increment the X509_STORE refcount during the connection
This commit is contained in:
ailin-nemui 2017-09-13 10:32:38 +02:00 committed by GitHub
commit ca1172b4d0
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/core/network-openssl.c
View File

@ -45,6 +45,19 @@
#define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
#endif #endif
/* OpenSSL 1.1.0 also introduced some useful additions to the api */
#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
static int X509_STORE_up_ref(X509_STORE *vfy)
{
int n;
n = CRYPTO_add(&vfy->references, 1, CRYPTO_LOCK_X509_STORE);
g_assert(n > 1);
return (n > 1) ? 1 : 0;
}
#endif
/* ssl i/o channel object */ /* ssl i/o channel object */
typedef struct typedef struct
{ {
@ -510,6 +523,10 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_
g_free(scapath); g_free(scapath);
verify = TRUE; verify = TRUE;
} else if (store != NULL) { } else if (store != NULL) {
/* Make sure to increment the refcount every time the store is
* used, that's essential not to get it free'd by OpenSSL when
* the SSL_CTX is destroyed. */
X509_STORE_up_ref(store);
SSL_CTX_set_cert_store(ctx, store); SSL_CTX_set_cert_store(ctx, store);
} }