diff options
| author | ailin-nemui <ailin-nemui@users.noreply.github.com> | 2017-09-13 10:32:38 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-09-13 10:32:38 +0200 |
| commit | ca1172b4d0871ed23eadfe36243dd4bedde939f7 (patch) | |
| tree | 82610deb7678a959331598e518f8f19ef6924574 /src/core | |
| parent | 24ad80177b10093544ec07a5d6b3ed4b1bfc6fb8 (diff) | |
| parent | 36d8b974fc42ed8eb1ff88811e09d0910ae61187 (diff) | |
| download | irssi-ca1172b4d0871ed23eadfe36243dd4bedde939f7.zip | |
Merge pull request #751 from LemonBoy/ssl-refcnt
Increment the X509_STORE refcount during the connection
Diffstat (limited to 'src/core')
| -rw-r--r-- | src/core/network-openssl.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c index 2054f28a..7ec902fb 100644 --- a/src/core/network-openssl.c +++ b/src/core/network-openssl.c @@ -45,6 +45,19 @@ #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x) #endif +/* OpenSSL 1.1.0 also introduced some useful additions to the api */ +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER) +static int X509_STORE_up_ref(X509_STORE *vfy) +{ + int n; + + n = CRYPTO_add(&vfy->references, 1, CRYPTO_LOCK_X509_STORE); + g_assert(n > 1); + + return (n > 1) ? 1 : 0; +} +#endif + /* ssl i/o channel object */ typedef struct { @@ -510,6 +523,10 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_ g_free(scapath); verify = TRUE; } else if (store != NULL) { + /* Make sure to increment the refcount every time the store is + * used, that's essential not to get it free'd by OpenSSL when + * the SSL_CTX is destroyed. */ + X509_STORE_up_ref(store); SSL_CTX_set_cert_store(ctx, store); } |