diff options
author | John-Mark Bell <jmb@netsurf-browser.org> | 2024-02-11 19:05:57 +0000 |
---|---|---|
committer | John-Mark Bell <jmb@netsurf-browser.org> | 2024-02-11 19:06:07 +0000 |
commit | 2a37e5e64c153fbc13de557faafd2d1a1493cbdd (patch) | |
tree | d56d8074bec8da3c7a2339dbd6f6c3a588d9a13f /content/fetchers/curl.c | |
parent | 6bb70e88108c904d67e9af7c8e5b273f6cd6854f (diff) | |
download | netsurf-2a37e5e64c153fbc13de557faafd2d1a1493cbdd.tar.gz netsurf-2a37e5e64c153fbc13de557faafd2d1a1493cbdd.tar.bz2 |
Revert "fetchers: drop support for ancient OpenSSL"
ciworker{8,12} (respectively: FreeBSD, aarch64 Linux) are running
obsolete OS versions. Disappointment ensues.
This reverts commit 6bb70e88108c904d67e9af7c8e5b273f6cd6854f.
Diffstat (limited to 'content/fetchers/curl.c')
-rw-r--r-- | content/fetchers/curl.c | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c index b1907448e..6878d9e6a 100644 --- a/content/fetchers/curl.c +++ b/content/fetchers/curl.c @@ -106,11 +106,33 @@ #include <openssl/ssl.h> #include <openssl/x509v3.h> +/* OpenSSL 1.0.x to 1.1.0 certificate reference counting changed + * LibreSSL declares its OpenSSL version as 2.1 but only supports the old way + */ +#if (defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x1010000fL)) +static int ns_X509_up_ref(X509 *cert) +{ + cert->references++; + return 1; +} + +static void ns_X509_free(X509 *cert) +{ + cert->references--; + if (cert->references == 0) { + X509_free(cert); + } +} +#else +#define ns_X509_up_ref X509_up_ref +#define ns_X509_free X509_free +#endif + #else /* WITH_OPENSSL */ typedef char X509; -static void X509_free(X509 *cert) +static void ns_X509_free(X509 *cert) { free(cert); } @@ -731,7 +753,7 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx) */ if (!fetch->cert_data[depth].cert) { fetch->cert_data[depth].cert = X509_STORE_CTX_get_current_cert(x509_ctx); - X509_up_ref(fetch->cert_data[depth].cert); + ns_X509_up_ref(fetch->cert_data[depth].cert); fetch->cert_data[depth].err = X509_STORE_CTX_get_error(x509_ctx); } @@ -1456,7 +1478,7 @@ static void fetch_curl_free(void *vf) /* free certificate data */ for (i = 0; i < MAX_CERT_DEPTH; i++) { if (f->cert_data[i].cert != NULL) { - X509_free(f->cert_data[i].cert); + ns_X509_free(f->cert_data[i].cert); } } |