iv-org-mirror
/
litespeed-quic
mirror of https://gitea.invidious.io/iv-org/litespeed-quic.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix: do not use private openssl function to copy cert chain (#449) 

Re: https://bugs.chromium.org/p/boringssl/issues/detail?id=558#c1

Since a recent change that puts boringssl's public API more in line with OpenSSL, there is a constness mismatch in the function type of `copy_X509` that may cause compilation failures.

As it turns out, the function we are using there (`sk_deep_copy`) is documented as a private API. We could use `sk_X509_deep_copy`, casting away the const in `copy_X509` to increment the refcount, but the existing function `X509_chain_up_ref` does exactly what we want here.
This commit is contained in:
Kent Ross 2023-01-19 14:33:24 -08:00 committed by GitHub
parent b340210fcf
commit 839893419c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/liblsquic/lsquic_enc_sess_ietf.c
View File

@ -2519,14 +2519,6 @@ iquic_esf_global_cleanup (void)
}
static void *
copy_X509 (void *cert)
{
X509_up_ref(cert);
return cert;
}
static struct stack_st_X509 *
iquic_esf_get_server_cert_chain (enc_session_t *enc_session_p)
{
@ -2536,9 +2528,7 @@ iquic_esf_get_server_cert_chain (enc_session_t *enc_session_p)
if (enc_sess->esi_ssl)
{
chain = SSL_get_peer_cert_chain(enc_sess->esi_ssl);
return (struct stack_st_X509 *)
sk_deep_copy((const _STACK *) chain, sk_X509_call_copy_func,
copy_X509, sk_X509_call_free_func, (void(*)(void*))X509_free);
return X509_chain_up_ref(chain);
}
else
return NULL;