From 73bf90775184788b1c3a4f8ab69c9e069ffbffa8 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 23 Oct 2021 13:12:55 +0000
Subject: Use X509_STORE_CTX_get0_chain() instead of grabbing the chain
 directly out of the X509_STORE_CTX.

ok jsing
---
 src/lib/libssl/ssl_both.c     | 4 ++--
 src/lib/libssl/tls13_server.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 637f34582f..fe7173e8a4 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.36 2021/10/23 08:34:36 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.37 2021/10/23 13:12:55 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -368,7 +368,7 @@ ssl3_output_cert_chain(SSL *s, CBB *cbb, CERT_PKEY *cpk)
 		    X509_V_FLAG_LEGACY_VERIFY);
 		X509_verify_cert(xs_ctx);
 		ERR_clear_error();
-		chain = xs_ctx->chain;
+		chain = X509_STORE_CTX_get0_chain(xs_ctx);
 	}
 
 	for (i = 0; i < sk_X509_num(chain); i++) {
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index d2c7abbf7c..9c0369fc91 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.84 2021/07/01 17:53:39 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.85 2021/10/23 13:12:55 tb Exp $ */
 /*
  * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -649,7 +649,7 @@ tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
 		    X509_V_FLAG_LEGACY_VERIFY);
 		X509_verify_cert(xsc);
 		ERR_clear_error();
-		chain = xsc->chain;
+		chain = X509_STORE_CTX_get0_chain(xsc);
 	}
 
 	if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context))
-- 
cgit v1.2.3-55-g6feb