ext/openssl: register new ex_data index also for X509_STORE

X509_STORE_get_ex_new_index() is required in addition to
X509_STORE_CTX_get_ex_new_index() because they are independent.

6 files changed, 20 insertions, 26 deletions

diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c
index bd8eef5ea9..31f2d0a5f9 100644
--- a/ext/openssl/openssl_missing.c
+++ b/ext/openssl/openssl_missing.c
@@ -34,20 +34,6 @@ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
 #endif /* HAVE_HMAC_CTX_COPY */
 #endif /* NO_HMAC */
 
-#if !defined(HAVE_X509_STORE_SET_EX_DATA)
-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data)
-{
-    return CRYPTO_set_ex_data(&str->ex_data, idx, data);
-}
-#endif
-
-#if !defined(HAVE_X509_STORE_GET_EX_DATA)
-void *X509_STORE_get_ex_data(X509_STORE *str, int idx)
-{
-    return CRYPTO_get_ex_data(&str->ex_data, idx);
-}
-#endif
-
 #if !defined(HAVE_EVP_MD_CTX_CREATE)
 EVP_MD_CTX *
 EVP_MD_CTX_create(void)
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 6cf45a0d82..7067f7d750 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -133,11 +133,15 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
 #endif
 
 #if !defined(HAVE_X509_STORE_GET_EX_DATA)
-void *X509_STORE_get_ex_data(X509_STORE *str, int idx);
+#  define X509_STORE_get_ex_data(x, idx) \
+	CRYPTO_get_ex_data(&(x)->ex_data, idx)
 #endif
 
 #if !defined(HAVE_X509_STORE_SET_EX_DATA)
-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
+#  define X509_STORE_set_ex_data(x, idx, data) \
+	CRYPTO_set_ex_data(&(x)->ex_data, idx, data)
+#  define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
+	CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
 #endif
 
 #if !defined(HAVE_X509_CRL_SET_VERSION)
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index d03dfa7ad0..91e741367f 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -198,7 +198,8 @@ ossl_pem_passwd_cb(char *buf, int max_len, int flag, void *pwd)
 /*
  * Verify callback
  */
-int ossl_verify_cb_idx;
+int ossl_store_ctx_ex_verify_cb_idx;
+int ossl_store_ex_verify_cb_idx;
 
 VALUE
 ossl_call_verify_cb_proc(struct ossl_verify_cb_args *args)
@@ -214,10 +215,10 @@ ossl_verify_cb(int ok, X509_STORE_CTX *ctx)
     struct ossl_verify_cb_args args;
     int state = 0;
 
-    proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_verify_cb_idx);
-    if ((void*)proc == 0)
-	proc = (VALUE)X509_STORE_get_ex_data(ctx->ctx, ossl_verify_cb_idx);
-    if ((void*)proc == 0)
+    proc = (VALUE)X509_STORE_CTX_get_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx);
+    if (!proc)
+	proc = (VALUE)X509_STORE_get_ex_data(ctx->ctx, ossl_store_ex_verify_cb_idx);
+    if (!proc)
 	return ok;
     if (!NIL_P(proc)) {
 	ret = Qfalse;
@@ -1130,8 +1131,10 @@ Init_openssl(void)
     /*
      * Verify callback Proc index for ext-data
      */
-    if ((ossl_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"ossl_verify_cb_idx", 0, 0, 0)) < 0)
+    if ((ossl_store_ctx_ex_verify_cb_idx = X509_STORE_CTX_get_ex_new_index(0, (void *)"ossl_store_ctx_ex_verify_cb_idx", 0, 0, 0)) < 0)
         ossl_raise(eOSSLError, "X509_STORE_CTX_get_ex_new_index");
+    if ((ossl_store_ex_verify_cb_idx = X509_STORE_get_ex_new_index(0, (void *)"ossl_store_ex_verify_cb_idx", 0, 0, 0)) < 0)
+        ossl_raise(eOSSLError, "X509_STORE_get_ex_new_index");
 
     /*
      * Init debug core
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
index 3be01b0cb6..8e6f2ce7e3 100644
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@@ -167,7 +167,8 @@ VALUE ossl_exc_new(VALUE, const char *, ...);
 /*
  * Verify callback
  */
-extern int ossl_verify_cb_idx;
+extern int ossl_store_ctx_ex_verify_cb_idx;
+extern int ossl_store_ex_verify_cb_idx;
 
 struct ossl_verify_cb_args {
     VALUE proc;
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 96c7990046..1ffceb0dc6 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -308,7 +308,7 @@ ossl_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 
     ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
     cb = (VALUE)SSL_get_ex_data(ssl, ossl_ssl_ex_vcb_idx);
-    X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx, (void*)cb);
+    X509_STORE_CTX_set_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx, (void*)cb);
     return ossl_verify_cb(preverify_ok, ctx);
 }
 
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index bb6fe14d87..ab4df5129c 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -130,7 +130,7 @@ ossl_x509store_set_vfy_cb(VALUE self, VALUE cb)
     X509_STORE *store;
 
     GetX509Store(self, store);
-    X509_STORE_set_ex_data(store, ossl_verify_cb_idx, (void*)cb);
+    X509_STORE_set_ex_data(store, ossl_store_ex_verify_cb_idx, (void*)cb);
     rb_iv_set(self, "@verify_callback", cb);
 
     return cb;
@@ -467,7 +467,7 @@ ossl_x509stctx_verify(VALUE self)
     int result;
 
     GetX509StCtx(self, ctx);
-    X509_STORE_CTX_set_ex_data(ctx, ossl_verify_cb_idx,
+    X509_STORE_CTX_set_ex_data(ctx, ossl_store_ctx_ex_verify_cb_idx,
                                (void*)rb_iv_get(self, "@verify_callback"));
     result = X509_verify_cert(ctx);