summaryrefslogtreecommitdiff
path: root/libre/netsurf/openssl.patch
diff options
context:
space:
mode:
Diffstat (limited to 'libre/netsurf/openssl.patch')
-rw-r--r--libre/netsurf/openssl.patch72
1 files changed, 72 insertions, 0 deletions
diff --git a/libre/netsurf/openssl.patch b/libre/netsurf/openssl.patch
new file mode 100644
index 000000000..2d914dd36
--- /dev/null
+++ b/libre/netsurf/openssl.patch
@@ -0,0 +1,72 @@
+From e8a9e3744523671228fef385ce7e1e11f93283b0 Mon Sep 17 00:00:00 2001
+From: Vincent Sanders <vince@kyllikki.org>
+Date: Sun, 20 Nov 2016 12:14:36 +0000
+Subject: fix openSSL 1.1.0 X509 certificate handling
+
+---
+diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
+index 66970ef..7ddf512 100644
+--- a/content/fetchers/curl.c
++++ b/content/fetchers/curl.c
+@@ -128,6 +128,26 @@ static char fetch_error_buffer[CURL_ERROR_SIZE];
+ static char fetch_proxy_userpwd[100];
+
+
++/* OpenSSL 1.0.x to 1.1.0 certificate reference counting changed */
++#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
++static int ns_X509_up_ref(X509 *cert)
++{
++ cert->references++;
++ return 1;
++}
++
++static void ns_X509_free(X509 *cert)
++{
++ cert->references--;
++ if (cert->references == 0) {
++ X509_free(cert);
++ }
++}
++#else
++#define ns_X509_up_ref X509_up_ref
++#define ns_X509_free X509_free
++#endif
++
+ /**
+ * Initialise a cURL fetcher.
+ */
+@@ -438,7 +458,7 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx)
+ */
+ if (!fetch->cert_data[depth].cert) {
+ fetch->cert_data[depth].cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+- fetch->cert_data[depth].cert->references++;
++ ns_X509_up_ref(fetch->cert_data[depth].cert);
+ fetch->cert_data[depth].err = X509_STORE_CTX_get_error(x509_ctx);
+ }
+
+@@ -815,10 +835,7 @@ static void fetch_curl_free(void *vf)
+ }
+
+ for (i = 0; i < MAX_CERTS && f->cert_data[i].cert; i++) {
+- f->cert_data[i].cert->references--;
+- if (f->cert_data[i].cert->references == 0) {
+- X509_free(f->cert_data[i].cert);
+- }
++ ns_X509_free(f->cert_data[i].cert);
+ }
+
+ free(f);
+@@ -986,10 +1003,7 @@ curl_start_cert_validate(struct curl_fetch_info *f,
+ X509_get_pubkey(certs[depth].cert));
+
+ /* and clean up */
+- certs[depth].cert->references--;
+- if (certs[depth].cert->references == 0) {
+- X509_free(certs[depth].cert);
+- }
++ ns_X509_free(certs[depth].cert);
+ }
+
+ msg.type = FETCH_CERT_ERR;
+--
+cgit v0.9.0.3-65-g4555
generated by cgit v1.2.2 (git 2.25.0) at 2024-05-09 16:29:05 +0000