]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 037ac5c) | patch
Rework the "by store" X509_LOOKUP method to open the given URI early
authorRichard Levitte <levitte@openssl.org>
Wed, 30 Apr 2025 09:38:04 +0000 (11:38 +0200)
committerRichard Levitte <levitte@openssl.org>
Tue, 20 May 2025 12:09:14 +0000 (14:09 +0200)
commit1432e8596e5ec88de2f128eb70b798929810966a
tree6ad90de8e9ee1bfa148a5e63603cc35c40c92b56tree | snapshot
parent037ac5ca865c746a4c462e673389354d325bf56fcommit | diff
Rework the "by store" X509_LOOKUP method to open the given URI early

The cached X509_LOOKUP method data is no longer just the URI, but now
includes the OSSL_STORE_CTX pointer, and required parameters to reopen
the URI at any time.  cache_objects() is modified to handle this, and
only (re)open the URI when it wasn't previously opened, or when it was
closed by an earlier call.

This way, we can call OSSL_STORE_open_ex() in by_store_ctrl_ex(), and
get to see possible errors when the URI is loaded.

This assumes that if the URI could be opened once, it can be opened
again.

Fixes #27461

(cherry picked from commit 0c48ee2bf513cbc2f1de2ff8bc11750e4b593620)

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27551)

(cherry picked from commit 08220efd4aeee63094cd366099572b9e20076581)
crypto/x509/by_store.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git