Explicitly cache the X509v3_extensions in one more place in libssl

Make sure we cache the extensions for a cert using the right libctx. Reviewed-by: N Richard Levitte <levitte@openssl.org> Reviewed-by: N Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11457)

Explicitly cache the X509v3_extensions in one more place in libssl
Make sure we cache the extensions for a cert using the right libctx. Reviewed-by: N Richard Levitte <levitte@openssl.org> Reviewed-by: N Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11457)
e66c37de · Matt Caswell · 0c56a648 · e66c37de
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

ssl/ssl_rsa.c ssl/ssl_rsa.c +6 -0

未找到文件。
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -1055,9 +1055,15 @@ static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *pr
    int j;
    int rv;
    CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
+    SSL_CTX *actualctx = ssl == NULL ? ctx : ssl->ctx;
    STACK_OF(X509) *dup_chain = NULL;
    EVP_PKEY *pubkey = NULL;

+    if (!X509v3_cache_extensions(x509, actualctx->libctx, actualctx->propq)) {
+        SSLerr(0, ERR_R_X509_LIB);
+        goto out;
+    }
+
    /* Do all security checks before anything else */
    rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
    if (rv != 1) {