From 60f03123a4643b375e7e15b8d8dd32beeba4deac Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 26 May 2023 13:44:05 +0000
Subject: Move verified_chain from SSL to SSL_HANDSHAKE

This is a better version of the fix for the missing pointer invalidation
but a bit larger, so errata got the minimal fix.

tested by jcs
ok jsing
---
 src/lib/libssl/ssl_lib.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/ssl_lib.c')

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 68e60a5481..f6c9406139 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.309 2023/04/23 18:51:53 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.310 2023/05/26 13:44:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -900,7 +900,9 @@ SSL_get_peer_cert_chain(const SSL *s)
 STACK_OF(X509) *
 SSL_get0_verified_chain(const SSL *s)
 {
-	return s->verified_chain;
+	if (s->s3 == NULL)
+		return NULL;
+	return s->s3->hs.verified_chain;
 }
 
 /*
-- 
cgit v1.2.3-55-g6feb