enum ocsp_result result = OCSP_INVALID;
X509_STORE *store;
STACK_OF(X509) *untrusted = NULL, *certs = NULL, *chain = NULL;
- X509_STORE_CTX ctx;
+ X509_STORE_CTX *ctx = NULL;
X509 *signer, *tmp_cert;
int signer_trusted = 0;
EVP_PKEY *skey;
"OpenSSL: Found OCSP signer certificate %s and verified BasicOCSPResponse signature",
buf);
- if (!X509_STORE_CTX_init(&ctx, store, signer, untrusted))
+ ctx = X509_STORE_CTX_new();
+ if (!ctx || !X509_STORE_CTX_init(ctx, store, signer, untrusted))
goto fail;
- X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
- ret = X509_verify_cert(&ctx);
- chain = X509_STORE_CTX_get1_chain(&ctx);
- X509_STORE_CTX_cleanup(&ctx);
+ X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
+ ret = X509_verify_cert(ctx);
+ chain = X509_STORE_CTX_get1_chain(ctx);
+ X509_STORE_CTX_cleanup(ctx);
if (ret <= 0) {
wpa_printf(MSG_DEBUG,
"OpenSSL: Could not validate OCSP signer certificate");
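Review bot: The return value of `X509_STORE_CTX_set_purpose()` is still ignored after the switch to a heap-allocated context, so if setting the purpose ever fails, `X509_verify_cert(ctx)` would validate the OCSP signer without the `X509_PURPOSE_OCSP_HELPER` restriction. The call returns 0 on failure, so it can join the existing error path: `if (!X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER)) goto fail;`. Failure is unlikely with a built-in purpose constant, but this is the trust decision for the responder certificate, so failing closed is the safer default. The enclosing function starts and ends outside this hunk, so this assumes `result` still holds `OCSP_INVALID` when `fail` is reached from here.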
sk_X509_pop_free(certs, X509_free);
BasicOCSPResponse_free(basic);
OCSPResponse_free(resp);
+ X509_STORE_CTX_free(ctx);
return result;
}
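Review bot: `X509_STORE_CTX_free()` performs the cleanup itself before releasing the context, so the `X509_STORE_CTX_cleanup(ctx);` kept after `X509_STORE_CTX_get1_chain(ctx)` earlier in the patch is now redundant. Dropping that line leaves this free as the single release point; if it is kept on purpose to release verification state early, a comment such as `/* release verification state now; ctx itself is freed on exit */` would say so. This free is presumably also reached by exits taken before `X509_STORE_CTX_new()` runs, which is safe only because `ctx` is initialised to `NULL` and the free accepts NULL, so that initialiser should not be dropped in later edits. The function's body begins outside this hunk.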