From 16f975ced8a6213a6ae4332fb934fc00afc9c10b Mon Sep 17 00:00:00 2001 From: Joseph Birr-Pixton Date: Mon, 8 Apr 2024 14:48:40 +0100 Subject: [PATCH] Correct ownership semantics of `SSL_{CTX_,}use_certificate` --- rustls-libssl/src/entry.rs | 12 +++++++++--- rustls-libssl/src/lib.rs | 4 ++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/rustls-libssl/src/entry.rs b/rustls-libssl/src/entry.rs index 109aa8e..fdb4edd 100644 --- a/rustls-libssl/src/entry.rs +++ b/rustls-libssl/src/entry.rs @@ -516,7 +516,10 @@ entry! { return Error::null_pointer().raise().into(); } - let ee = CertificateDer::from(OwnedX509::new(x).der_bytes()); + let x509 = OwnedX509::new(x); + // `x` belongs to caller. + x509.up_ref(); + let ee = CertificateDer::from(x509.der_bytes()); match ctx .lock() @@ -1487,12 +1490,15 @@ entry! { return Error::null_pointer().raise().into(); } - let chain = vec![CertificateDer::from(OwnedX509::new(x).der_bytes())]; + let x509 = OwnedX509::new(x); + // `x` belongs to caller. + x509.up_ref(); + let ee = CertificateDer::from(x509.der_bytes()); match ssl .lock() .map_err(|_| Error::cannot_lock()) - .map(|mut ssl| ssl.stage_certificate_chain(chain)) + .map(|mut ssl| ssl.stage_certificate_end(ee)) { Err(e) => e.raise().into(), Ok(()) => C_INT_SUCCESS, diff --git a/rustls-libssl/src/lib.rs b/rustls-libssl/src/lib.rs index a5fae04..0396ac1 100644 --- a/rustls-libssl/src/lib.rs +++ b/rustls-libssl/src/lib.rs @@ -518,6 +518,10 @@ impl Ssl { .unwrap_or_default(); } + fn stage_certificate_end(&mut self, end: CertificateDer<'static>) { + self.auth_keys.stage_certificate_end(end) + } + fn stage_certificate_chain(&mut self, chain: Vec>) { self.auth_keys.stage_certificate_chain(chain) }