On Wed, Feb 06, 2019 at 04:50:04PM -0600, jared.bents@xxxxxxxxxxxxxxxxxxx wrote:
> Update to use ctx cert_store functions instead of directly
> using the struct to work with versions of openssl that
> made the struct internal only.
What is the baseline for this patch? It does not apply against the
current hostap.git.
> diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
> @@ -1538,8 +1538,8 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
> } else {
> /*Free old store */
> if (data->old_x509_store) X509_STORE_free(data->old_x509_store);
I had dropped that part since SSL_CTX_set_cert_store() is documented to
free the previously set store.
> - data->old_x509_store = ssl->cert_store;
> - ssl->cert_store = new_cert_store;
> + data->old_x509_store = SSL_CTX_get_cert_store(ssl);
> + SSL_CTX_set_cert_store(ssl, new_cert_store);
And I had already replaced this with the new API wrapper when applying
the previous patch.
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
