From: Matt Caswell Date: Wed, 1 Apr 2020 15:05:07 +0000 (+0100) Subject: Use X509_STORE_CTX_new_with_libctx() in libssl X-Git-Tag: openssl-3.0.0-alpha1~137 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a959b4fa97a4781439eea359bae4216e5aa0c590;p=oweals%2Fopenssl.git Use X509_STORE_CTX_new_with_libctx() in libssl Libssl is OPENSSL_CTX aware so we should use it when creating an X509_STORE_CTX. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11457)
---
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index f753bbee38..2b168edf6e 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -386,7 +386,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
 else
 verify_store = s->ctx->cert_store;
- ctx = X509_STORE_CTX_new();
+ ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
 if (ctx == NULL) {
 SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
 return 0;
@@ -869,7 +869,7 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
 untrusted = cpk->chain;
 }
- xs_ctx = X509_STORE_CTX_new();
+ xs_ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
 if (xs_ctx == NULL) {
 SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
 goto err;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 71a259e8f0..651871da51 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -958,7 +958,8 @@ static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
 chain_store = s->ctx->cert_store;
 if (chain_store != NULL) {
- X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new();
+ X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx,
+ s->ctx->propq);
 if (xs_ctx == NULL) {
 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN,
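Review bot: In the ssl_build_cert_chain() hunk of ssl/ssl_cert.c, the new call reads `s->ctx->libctx` and `s->ctx->propq`, but the signature in the hunk header takes a separate `SSL_CTX *ctx` next to `SSL *s`, which suggests the function may be entered with `s == NULL` (not visible here, since the body starts and ends outside the hunk). If that path exists, this line turns a call that used to work into a NULL pointer dereference, which crashes the process that is building its certificate chain. Select the context first, `SSL_CTX *real_ctx = (s == NULL) ? ctx : s->ctx;`, and then call `X509_STORE_CTX_new_with_libctx(real_ctx->libctx, real_ctx->propq);`. The other two hunks already dereference `s->ctx` in their context lines, so they are not affected.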