Diffstat (limited to 'content/fetchers/curl.c')
-rw-r--r-- | content/fetchers/curl.c | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index b1907448e..6878d9e6a 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -106,11 +106,33 @@
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
+/* OpenSSL 1.0.x to 1.1.0 certificate reference counting changed
+ * LibreSSL declares its OpenSSL version as 2.1 but only supports the old way
+ */
+#if (defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x1010000fL))
+static int ns_X509_up_ref(X509 *cert)
+{
+ cert->references++;
+ return 1;
+}
+
+static void ns_X509_free(X509 *cert)
+{
+ cert->references--;
+ if (cert->references == 0) {
+ X509_free(cert);
+ }
+}
+#else
+#define ns_X509_up_ref X509_up_ref
+#define ns_X509_free X509_free
+#endif
+
 #else /* WITH_OPENSSL */
 typedef char X509;
-static void X509_free(X509 *cert)
+static void ns_X509_free(X509 *cert)
 {
 free(cert);
 }
@@ -731,7 +753,7 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX *x509_ctx)
 */
 if (!fetch->cert_data[depth].cert) {
 fetch->cert_data[depth].cert = X509_STORE_CTX_get_current_cert(x509_ctx);
- X509_up_ref(fetch->cert_data[depth].cert);
+ ns_X509_up_ref(fetch->cert_data[depth].cert);
 fetch->cert_data[depth].err = X509_STORE_CTX_get_error(x509_ctx);
 }
@@ -1456,7 +1478,7 @@ static void fetch_curl_free(void *vf)
 /* free certificate data */
 for (i = 0; i < MAX_CERT_DEPTH; i++) {
 if (f->cert_data[i].cert != NULL) {
- X509_free(f->cert_data[i].cert);
+ ns_X509_free(f->cert_data[i].cert);
 }
 }
 } |
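Review bot: The compat `ns_X509_free` in the pre-1.1.0/LibreSSL branch decrements `cert->references` by hand and then calls `X509_free`, which in OpenSSL 1.0.x already decrements the same counter and frees the object when it reaches zero, so the final release decrements twice and leaves the count negative before the free. Both helpers also modify the counter without the library's locking, so a certificate shared with another thread's SSL session could end up with a wrong count and be freed early or leaked. I would use `#define ns_X509_free X509_free` in both OpenSSL branches and take the reference with `CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);` in `ns_X509_up_ref`. The `fetch_curl_free` hunk at -1456 relies on this helper and has the same exposure.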
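Review bot: The pointer returned by `X509_STORE_CTX_get_current_cert(x509_ctx)` is handed to `ns_X509_up_ref` unchecked, and the new compat helper dereferences it unconditionally with `cert->references++`. OpenSSL documents that this accessor can return NULL when no certificate is relevant to the error, so a guard such as `if (fetch->cert_data[depth].cert != NULL) ns_X509_up_ref(fetch->cert_data[depth].cert);` keeps a verification failure from turning into a crash inside the callback. The return value of the up-ref is also ignored; if it can fail, the slot should be cleared so `fetch_curl_free` does not later release a reference that was never taken. The callback body starts and ends outside this hunk, so the bounds check on `depth` is not visible here.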