From 7ffee9d08a91191b5a4fb21336efef092b583c3e Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 3 Aug 2024 04:50:27 +0000
Subject: Prepare to provide SSL_CTX_set1_cert_store() SSL_CTX_set_cert_store() should have been called SSL_CTX_set0_cert_store() since it takes ownership of the store argument. Apparently a few people ran into the issue of not bumping the refcount themselves, leading to use after frees about 10 years ago. This is a quite rarely used API and there are no misuses in the ports tree, but since someone did the work of writing a diff, we can still add it. Needless to say that SSL_CTX_get_cert_store() obviously has the exact same issue and nobody seems to have thought of adding a get0 or get1 version to match... Fixes https://github.com/libressl/openbsd/issues/71 From Kenjiro Nakayama
---
 src/lib/libssl/hidden/openssl/ssl.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/hidden/openssl')
diff --git a/src/lib/libssl/hidden/openssl/ssl.h b/src/lib/libssl/hidden/openssl/ssl.h
index cff250ee75..6cf8d0c797 100644
--- a/src/lib/libssl/hidden/openssl/ssl.h
+++ b/src/lib/libssl/hidden/openssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.7 2024/07/14 15:39:36 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.8 2024/08/03 04:50:27 tb Exp $ */
 /*
 * Copyright (c) 2023 Bob Beck
 *
@@ -105,6 +105,7 @@ LSSL_USED(SSL_CTX_set_timeout);
 LSSL_USED(SSL_CTX_get_timeout);
 LSSL_USED(SSL_CTX_get_cert_store);
 LSSL_USED(SSL_CTX_set_cert_store);
+LSSL_USED(SSL_CTX_set1_cert_store);
 LSSL_USED(SSL_CTX_get0_certificate);
 LSSL_USED(SSL_CTX_get0_privatekey);
 LSSL_USED(SSL_want);
-- cgit v1.2.3-55-g6feb
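Review bot: The `SSL_CTX_set1_cert_store` entry added in the `@@ -105,6 +105,7 @@` hunk only reserves the name in the hidden namespace, so the ownership handling the commit message is about sits in a definition that this directory-limited view does not show and should be reviewed together with it. Assuming it follows the usual set1 shape, the new reference has to be taken before the context's old store is released, i.e. `X509_STORE_up_ref(store);` ahead of `SSL_CTX_set_cert_store(ctx, store);`, otherwise passing the store the context already holds could free it while it is still in use. The prototype should also carry a comment stating that the caller keeps its own reference, something like `/* set1: ctx takes its own reference, caller still frees store */`, because the set_cert_store entry right above it takes ownership instead. The LSSL_USED list continues above and below this hunk.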