On Wed, Feb 6, 2019 at 5:34 PM Jouni Malinen <j@xxxxx> wrote:
>
> On Wed, Feb 06, 2019 at 04:50:04PM -0600, jared.bents@xxxxxxxxxxxxxxxxxxx wrote:
> > Update to use ctx cert_store functions instead of directly
> > using the struct to work with versions of openssl that
> > made the struct internal only.
>
> What is the baseline for this patch? It does not apply against the
> current hostap.git.
>
> > diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
> > @@ -1538,8 +1538,8 @@ struct tls_connection * tls_connection_init(void *ssl_ctx)
> > } else {
> > /*Free old store */
> > if (data->old_x509_store) X509_STORE_free(data->old_x509_store);
>
> I had dropped that part since SSL_CTX_set_cert_store() is documented to
> free the previously set store.
>
> > - data->old_x509_store = ssl->cert_store;
> > - ssl->cert_store = new_cert_store;
> > + data->old_x509_store = SSL_CTX_get_cert_store(ssl);
> > + SSL_CTX_set_cert_store(ssl, new_cert_store);
>
> And I had already replaced this with the new API wrapper when applying
> the previous patch.
>
Oh sorry, I had noticed the issue with my previous patches when
building hostapd with openssl 1.1.1a. I should have double checked the
state of master before assuming that the issue with my other patch
existed in master. Yes, this is not applicable.
Thank you
Jared
>
> --
> Jouni Malinen PGP id EFC895FA
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
