From 96d5a4669d696d57a511119963ae5c651346e167 Mon Sep 17 00:00:00 2001
From: LemonBoy
Date: Mon, 11 Sep 2017 16:32:36 +0200
Subject: Increment the X509_STORE refcount during the connection

OpenSSL doesn't increment the reference count when the store is assigned to a SSL_CTX.
---
 src/core/network-openssl.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src')

diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c
index 2054f28a..feb2295d 100644
--- a/src/core/network-openssl.c
+++ b/src/core/network-openssl.c
@@ -510,6 +510,10 @@ static GIOChannel *irssi_ssl_get_iochannel(GIOChannel *handle, int port, SERVER_
 g_free(scapath);
 verify = TRUE;
 } else if (store != NULL) {
+ /* Make sure to increment the refcount every time the store is
+ * used, that's essential not to get it free'd by OpenSSL when
+ * the SSL_CTX is destroyed. */
+ X509_STORE_up_ref(store);
 SSL_CTX_set_cert_store(ctx, store);
 }

--
cgit v1.2.3

From 36d8b974fc42ed8eb1ff88811e09d0910ae61187 Mon Sep 17 00:00:00 2001
From: LemonBoy
Date: Mon, 11 Sep 2017 17:07:50 +0200
Subject: Restore compatibility with old OpenSSL versions

Let's implement X509_STORE_up_ref on our own.
---
 src/core/network-openssl.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'src')

diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c
index feb2295d..7ec902fb 100644
--- a/src/core/network-openssl.c
+++ b/src/core/network-openssl.c
@@ -45,6 +45,19 @@
 #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
 #endif

+/* OpenSSL 1.1.0 also introduced some useful additions to the api */
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
+static int X509_STORE_up_ref(X509_STORE *vfy)
+{
+ int n;
+
+ n = CRYPTO_add(&vfy->references, 1, CRYPTO_LOCK_X509_STORE);
+ g_assert(n > 1);
+
+ return (n > 1) ? 1 : 0;
+}
+#endif
+
 /* ssl i/o channel object */
 typedef struct
 {
--
cgit v1.2.3
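Review bot: The result of `X509_STORE_up_ref(store)` is discarded in the new `else if (store != NULL)` branch, so a failed increment still hands the store to `SSL_CTX_set_cert_store(ctx, store)`. Destroying the SSL_CTX would then drop a reference that was never taken, which is the premature free the added comment is trying to prevent. I would test the result before installing the store, e.g. `if (X509_STORE_up_ref(store) != 1) { /* fail the connection setup */ }`, and reuse whatever setup-failure path the function already has. irssi_ssl_get_iochannel starts and ends outside the hunk, so that cleanup path is not visible here.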
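Review bot: The guard `|| defined (LIBRESSL_VERSION_NUMBER)` enables this shim for every LibreSSL version, and the body reads `vfy->references` directly. A LibreSSL release that ships its own `X509_STORE_up_ref` or makes `X509_STORE` opaque would presumably fail to build against it, so the LibreSSL half of the condition should be bounded by a version check. Separately, `g_assert(n > 1)` aborts the client on an unexpected count in normal builds and vanishes under `G_DISABLE_ASSERT`, leaving `return (n > 1) ? 1 : 0;` as the only signal. I would drop the assert and have callers test the return value. A one-line contract comment above the function would also help, e.g. `/* Returns 1 on success, 0 on failure, like the OpenSSL 1.1.0 function. */`.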