On Mon, Mar 23, 2020 at 02:50:03PM +0100, Emmanuel Hocdet wrote:
>
> As discussed in #559
>
Can't we return directly a STACK_OF(X509)* structure instead of the
struct issuer_chain * ?
Because I have the impression that we use the struct issuer_chain only
to lookup and we only use the chain field of this structure.
> From af21a21caefbcbdcac9aedcd80e952713981e9a8 Mon Sep 17 00:00:00 2001
> From: Emmanuel Hocdet
> Date: Mon, 23 Mar 2020 11:29:11 +0100
> Subject: [PATCH] CLEANUP: ssl: rename ssl_get_issuer_chain to
> ssl_get0_issuer_chain
>
> Rename ssl_get_issuer_chain to ssl_get0_issuer_chain to be consistent
> with openssl >= 1.0.2 API.
> ---
> src/ssl_sock.c | 8
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/src/ssl_sock.c b/src/ssl_sock.c
> index 45a650a3d..86fa1a305 100644
> --- a/src/ssl_sock.c
> +++ b/src/ssl_sock.c
> @@ -161,7 +161,7 @@ static struct xprt_ops ssl_sock;
> int nb_engines = 0;
>
> static struct eb_root cert_issuer_tree = EB_ROOT; /* issuers tree from
> "issuers-chain-path" */
> -static struct issuer_chain* ssl_get_issuer_chain(X509 *cert);
> +static struct issuer_chain* ssl_get0_issuer_chain(X509 *cert);
>
> static struct {
> char *crt_base; /* base directory path for certificates */
> @@ -3629,7 +3629,7 @@ static int ssl_sock_put_ckch_into_ctx(const char *path,
> const struct cert_key_an
> } else {
> /* Find Certificate Chain in global */
> struct issuer_chain *issuer;
> - issuer = ssl_get_issuer_chain(ckch->cert);
> + issuer = ssl_get0_issuer_chain(ckch->cert);
> if (issuer)
> find_chain = issuer->chain;
> }
> @@ -10166,7 +10166,7 @@ static int ssl_load_global_issuer_from_BIO(BIO *in,
> char *fp, char **err)
> return ret;
> }
>
> -static struct issuer_chain* ssl_get_issuer_chain(X509 *cert)
> +static struct issuer_chain* ssl_get0_issuer_chain(X509 *cert)
> {
> AUTHORITY_KEYID *akid;
> struct issuer_chain *issuer = NULL;
> @@ -11268,7 +11268,7 @@ static int cli_io_handler_show_cert_detail(struct
> appctx *appctx)
> chain = ckchs->ckch->chain;
> if (chain == NULL) {
> struct issuer_chain *issuer;
> - issuer = ssl_get_issuer_chain(ckchs->ckch->cert);
> + issuer = ssl_get0_issuer_chain(ckchs->ckch->cert);
> if (issuer) {
> chain = issuer->chain;
> chunk_appendf(out, "Chain Filename: ");
--
William Lallemand