aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ext/openssl/extconf.rb5
-rw-r--r--ext/openssl/openssl_missing.h25
-rw-r--r--ext/openssl/ossl_pkey.c4
-rw-r--r--ext/openssl/ossl_ssl.c15
-rw-r--r--ext/openssl/ossl_x509cert.c2
-rw-r--r--ext/openssl/ossl_x509crl.c2
-rw-r--r--ext/openssl/ossl_x509store.c2
7 files changed, 45 insertions, 10 deletions
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 2cdbc0396d..fa89bbcca9 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -110,6 +110,11 @@ have_func("RAND_pseudo_bytes", ["openssl/rand.h"], "-Werror=deprecated-declarati
have_func("X509_STORE_get_ex_data")
have_func("X509_STORE_set_ex_data")
have_func("OCSP_SINGLERESP_get0_id")
+have_func("X509_up_ref")
+have_func("X509_CRL_up_ref")
+have_func("X509_STORE_up_ref")
+have_func("SSL_SESSION_up_ref")
+have_func("EVP_PKEY_up_ref")
have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
Logging::message "=== Checking done. ===\n"
diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
index 1e4b2aef93..eab3ca65ef 100644
--- a/ext/openssl/openssl_missing.h
+++ b/ext/openssl/openssl_missing.h
@@ -85,6 +85,31 @@ int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data);
# define OCSP_SINGLERESP_get0_id(s) ((s)->certId)
#endif
+#if !defined(HAVE_X509_UP_REF)
+# define X509_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509)
+#endif
+
+#if !defined(HAVE_X509_CRL_UP_REF)
+# define X509_CRL_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509_CRL);
+#endif
+
+#if !defined(HAVE_X509_STORE_UP_REF)
+# define X509_STORE_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_X509_STORE);
+#endif
+
+#if !defined(HAVE_SSL_SESSION_UP_REF)
+# define SSL_SESSION_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_SSL_SESSION);
+#endif
+
+#if !defined(HAVE_EVP_PKEY_UP_REF)
+# define EVP_PKEY_up_ref(x) \
+ CRYPTO_add(&(x)->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#endif
+
#if defined(__cplusplus)
}
#endif
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index 4990ce8e08..4bf36a6ecc 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -197,7 +197,7 @@ DupPKeyPtr(VALUE obj)
EVP_PKEY *pkey;
SafeGetPKey(obj, pkey);
- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(pkey);
return pkey;
}
@@ -211,7 +211,7 @@ DupPrivPKeyPtr(VALUE obj)
ossl_raise(rb_eArgError, "Private key is needed.");
}
SafeGetPKey(obj, pkey);
- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(pkey);
return pkey;
}
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 294ba5dfe8..3874543b2f 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -124,8 +124,10 @@ static void
ossl_sslctx_free(void *ptr)
{
SSL_CTX *ctx = ptr;
+#if !defined(HAVE_X509_STORE_UP_REF)
if(ctx && SSL_CTX_get_ex_data(ctx, ossl_ssl_ex_store_p)== (void*)1)
ctx->cert_store = NULL;
+#endif
SSL_CTX_free(ctx);
}
@@ -381,7 +383,7 @@ ossl_sslctx_session_new_cb(SSL *ssl, SSL_SESSION *sess)
return 1;
ssl_obj = (VALUE)ptr;
sess_obj = rb_obj_alloc(cSSLSession);
- CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ SSL_SESSION_up_ref(sess);
DATA_PTR(sess_obj) = sess;
ary = rb_ary_new2(2);
@@ -430,7 +432,7 @@ ossl_sslctx_session_remove_cb(SSL_CTX *ctx, SSL_SESSION *sess)
return;
sslctx_obj = (VALUE)ptr;
sess_obj = rb_obj_alloc(cSSLSession);
- CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ SSL_SESSION_up_ref(sess);
DATA_PTR(sess_obj) = sess;
ary = rb_ary_new2(2);
@@ -693,7 +695,6 @@ ossl_sslctx_setup(VALUE self)
{
SSL_CTX *ctx;
X509 *cert = NULL, *client_ca = NULL;
- X509_STORE *store;
EVP_PKEY *key = NULL;
char *ca_path = NULL, *ca_file = NULL;
int verify_mode;
@@ -715,15 +716,19 @@ ossl_sslctx_setup(VALUE self)
val = ossl_sslctx_get_cert_store(self);
if(!NIL_P(val)){
+ X509_STORE *store = GetX509StorePtr(val); /* NO NEED TO DUP */
+ SSL_CTX_set_cert_store(ctx, store);
+#if !defined(HAVE_X509_STORE_UP_REF)
/*
* WORKAROUND:
* X509_STORE can count references, but
* X509_STORE_free() doesn't care it.
* So we won't increment it but mark it by ex_data.
*/
- store = GetX509StorePtr(val); /* NO NEED TO DUP */
- SSL_CTX_set_cert_store(ctx, store);
SSL_CTX_set_ex_data(ctx, ossl_ssl_ex_store_p, (void*)1);
+#else /* Fixed in OpenSSL 1.1.0 */
+ X509_STORE_up_ref(store);
+#endif
}
val = ossl_sslctx_get_extra_cert(self);
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
index 4dafae17b9..db8ba02375 100644
--- a/ext/openssl/ossl_x509cert.c
+++ b/ext/openssl/ossl_x509cert.c
@@ -122,7 +122,7 @@ DupX509CertPtr(VALUE obj)
SafeGetX509(obj, x509);
- CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(x509);
return x509;
}
diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c
index f64712efcd..3aa695a5ea 100644
--- a/ext/openssl/ossl_x509crl.c
+++ b/ext/openssl/ossl_x509crl.c
@@ -67,7 +67,7 @@ DupX509CRLPtr(VALUE obj)
X509_CRL *crl;
SafeGetX509CRL(obj, crl);
- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+ X509_CRL_up_ref(crl);
return crl;
}
diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c
index b09313cc87..c62f2e3084 100644
--- a/ext/openssl/ossl_x509store.c
+++ b/ext/openssl/ossl_x509store.c
@@ -98,7 +98,7 @@ DupX509StorePtr(VALUE obj)
X509_STORE *store;
SafeGetX509Store(obj, store);
- CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
+ X509_STORE_up_ref(store);
return store;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-19 14:45:53 +0000