fixup implement getX and popX

William Lallemand 2026-01-29 16:08:02 +01:00
parent 46058a4983
commit 5726c18abb
3 changed files with 29 additions and 20 deletions


@ -380,7 +380,16 @@ static inline unsigned long ERR_peek_error_func(const char **func)
#endif
#if (HA_OPENSSL_VERSION_NUMBER < 0x30300000L)
#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(OPENSSL_IS_AWSLC) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(USE_OPENSSL_WOLFSSL)
# define X509_STORE_getX_objects(x) X509_STORE_get1_objects(x)
# define sk_X509_OBJECT_popX_free(x, y) sk_X509_OBJECT_pop_free(x,y)
#else
# define X509_STORE_getX_objects(x) X509_STORE_get0_objects(x)
# define sk_X509_OBJECT_popX_free(x, y) ({})
#endif
#if (HA_OPENSSL_VERSION_NUMBER < 0x30300000L) && !defined(OPENSSL_IS_AWSLC) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(USE_OPENSSL_WOLFSSL)
/* Previous OpenSSL versions does not implement X509_STORE_get1_objects()
* but X509_STORE_get0_objects were added in OpenSSL 1.1.0.
*/
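Review bot: Both `X509_STORE_getX_objects` and `sk_X509_OBJECT_popX_free` are defined only under the new outer `#if (HA_OPENSSL_VERSION_NUMBER < 0x30300000L)`, and that `#if` has no matching `#endif` among the lines shown, so a build against OpenSSL 3.3 or later looks like it gets neither macro while every call site in this commit now uses them. Unless an `#else`/`#endif` sits outside the hunk, dropping that outer line would let the inner condition select the `get1` pair for 3.3+ as well. The no-op `({})` is a GNU statement expression; `# define sk_X509_OBJECT_popX_free(x, y) ((void)0)` does the same portably. The `#else` branch also deserves a comment saying that the stack returned there is the store's own, borrowed and not a snapshot, so callers must never free it and must not assume it stays unchanged if the store can be modified concurrently.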


@ -1357,7 +1357,7 @@ struct cafile_entry *ssl_store_dup_cafile_entry(struct cafile_entry *src)
if (!store)
goto err;
objs = X509_STORE_get1_objects(src->ca_store);
objs = X509_STORE_getX_objects(src->ca_store);
for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
X509 *cert;
X509_CRL *crl;
@ -1385,11 +1385,11 @@ struct cafile_entry *ssl_store_dup_cafile_entry(struct cafile_entry *src)
}
}
dst = ssl_store_create_cafile_entry(src->path, store, src->type);
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
return dst;
err:
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
X509_STORE_free(store);
ha_free(&dst);
@ -1608,7 +1608,7 @@ scandir_err:
}
}
objs = X509_STORE_get1_objects(store);
objs = X509_STORE_getX_objects(store);
cert_count = sk_X509_OBJECT_num(objs);
if (cert_count == 0) {
if (!shuterror)
@ -1622,11 +1622,11 @@ scandir_err:
}
ebst_insert(&cafile_tree, &ca_e->node);
}
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
return (store != NULL);
err:
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
X509_STORE_free(store);
store = NULL;
return 0;
@ -3823,7 +3823,7 @@ static int cli_io_handler_show_cafile_detail(struct appctx *appctx)
if (!cafile_entry->ca_store)
goto end;
objs = X509_STORE_get1_objects(cafile_entry->ca_store);
objs = X509_STORE_getX_objects(cafile_entry->ca_store);
for (i = ca_index; i < sk_X509_OBJECT_num(objs); i++) {
cert = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i));
@ -3846,16 +3846,16 @@ static int cli_io_handler_show_cafile_detail(struct appctx *appctx)
}
end:
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
free_trash_chunk(out);
return 1; /* end, don't come back */
end_no_putchk:
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
free_trash_chunk(out);
return 1;
yield:
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
/* save the current state */
ctx->ca_index = i;
free_trash_chunk(out);
@ -3958,10 +3958,10 @@ static int get_certificate_count(struct cafile_entry *cafile_entry)
STACK_OF(X509_OBJECT) *objs;
if (cafile_entry && cafile_entry->ca_store) {
objs = X509_STORE_get1_objects(cafile_entry->ca_store);
objs = X509_STORE_getX_objects(cafile_entry->ca_store);
if (objs)
cert_count = sk_X509_OBJECT_num(objs);
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
}
return cert_count;
}
@ -4516,7 +4516,7 @@ static int cli_io_handler_show_crlfile_detail(struct appctx *appctx)
if (!cafile_entry->ca_store)
goto end;
objs = X509_STORE_get1_objects(cafile_entry->ca_store);
objs = X509_STORE_getX_objects(cafile_entry->ca_store);
for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
crl = X509_OBJECT_get0_X509_CRL(sk_X509_OBJECT_value(objs, i));
if (!crl)
@ -4539,11 +4539,11 @@ end:
goto yield;
end_no_putchk:
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
free_trash_chunk(out);
return 1;
yield:
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
free_trash_chunk(out);
return 0; /* should come back */
}
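Review bot: The call sites no longer show whether `objs` is owned or borrowed, because `X509_STORE_getX_objects()` returns a private copy in one build and the store's internal stack in the other; a comment at the first use in `ssl_store_dup_cafile_entry()` would make that explicit, e.g. `/* objs is a copy or the store's own stack depending on the SSL library: release it only with sk_X509_OBJECT_popX_free() */`. A later direct call to `sk_X509_OBJECT_pop_free()` on it would free the store's objects in the get0 build. In the same function the `goto err` taken on `if (!store)` runs before `objs` is assigned, so the `err:` cleanup relies on `objs` being initialised to NULL at its declaration, which is outside the hunk. The ownership remark applies equally to the other hunks of this file, whose enclosing functions start and end outside the hunks.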


@ -630,7 +630,7 @@ static int ssl_set_cert_crl_file(X509_STORE *store_ctx, char *path)
if (store_ctx && store) {
int i;
X509_OBJECT *obj;
STACK_OF(X509_OBJECT) *objs = X509_STORE_get1_objects(store);
STACK_OF(X509_OBJECT) *objs = X509_STORE_getX_objects(store);
for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
obj = sk_X509_OBJECT_value(objs, i);
switch (X509_OBJECT_get_type(obj)) {
@ -644,7 +644,7 @@ static int ssl_set_cert_crl_file(X509_STORE *store_ctx, char *path)
break;
}
}
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
return 1;
}
return 0;
@ -688,7 +688,7 @@ static STACK_OF(X509_NAME)* ssl_get_client_ca_file(char *path)
skn = sk_X509_NAME_new_null();
/* take x509 from cafile_tree */
objs = X509_STORE_get1_objects(ca_e->ca_store);
objs = X509_STORE_getX_objects(ca_e->ca_store);
for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
x = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i));
if (!x)
@ -724,7 +724,7 @@ static STACK_OF(X509_NAME)* ssl_get_client_ca_file(char *path)
ca_name->xname = xn;
eb64_insert(&ca_name_tree, &ca_name->node);
}
sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free);
sk_X509_OBJECT_popX_free(objs, X509_OBJECT_free);
ca_e->ca_list = skn;
/* remove temporary ca_name tree */
node = eb64_first(&ca_name_tree);