mirror of
http://git.haproxy.org/git/haproxy.git
synced 2026-02-04 20:53:37 +02:00
23e8ed6ea6
OpenSSL 4.0 is deprecating X509_STORE_get0_objects(). Every occurence of X509_STORE_get0_objects() was first replaced by X509_STORE_get1_objects(). This changes the ref count of the STACK_OF(X509_OBJECT) everywhere, and need it to be sk_X509_OBJECT_pop_free(objs, X509_OBJECT_free) each time. X509_STORE_get1_objects() is not available in AWS-LC, OpenSSL < 3.2, LibreSSL and WolfSSL, so we need to still be compatible with get0. To achieve this, 2 macros were added X509_STORE_getX_objects() and sk_X509_OBJECT_popX_free(), these macros will use either the get0 or the get1 macro depending on their availability. In the case of get0, sk_X509_OBJECT_popX_free() will just do nothing instead of trying to free. Don't backport that unless really needed if we want to be compatible with OpenSSL 4.0. It changes all the refcounts.