
Use X509_STORE_CTX_new_with_libctx() in libssl

Libssl is OPENSSL_CTX aware so we should use it when creating an
X509_STORE_CTX.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11457)
master
Matt Caswell 2 years ago
parent
commit
a959b4fa97
2 changed files with 4 additions and 3 deletions
  1. +2
    -2
      ssl/ssl_cert.c
  2. +2
    -1
      ssl/statem/statem_lib.c

+ 2
- 2
ssl/ssl_cert.c

@ -386,7 +386,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
else
verify_store = s->ctx->cert_store;
ctx = X509_STORE_CTX_new();
ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
if (ctx == NULL) {
SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
return 0;
@ -869,7 +869,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
untrusted = cpk->chain;
}
xs_ctx = X509_STORE_CTX_new();
xs_ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
if (xs_ctx == NULL) {
SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
goto err;
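Review bot: In the second hunk, `ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)` now reads `s->ctx->libctx` and `s->ctx->propq` unconditionally, which is a NULL dereference if the function is ever entered with `s == NULL`. The separate `ctx` parameter suggests a context-only call path (presumably the `SSL_CTX_build_cert_chain()` route), and the old `X509_STORE_CTX_new()` call did not touch `s` at all, so this would be a new crash on that path. I would pick the context first, `SSL_CTX *real_ctx = (s == NULL) ? ctx : s->ctx;`, and then call `X509_STORE_CTX_new_with_libctx(real_ctx->libctx, real_ctx->propq);`. The function body starts and ends outside the hunk, so whether `s` is checked earlier cannot be confirmed from here; the first hunk in `ssl_verify_cert_chain` already dereferences `s` on the preceding line and is not affected.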


+ 2
- 1
ssl/statem/statem_lib.c

@ -958,7 +958,8 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
chain_store = s->ctx->cert_store;
if (chain_store != NULL) {
X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new();
X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx,
s->ctx->propq);
if (xs_ctx == NULL) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN,

