X-Git-Url: http://www.privoxy.org/gitweb/misc.html?a=blobdiff_plain;f=openssl.c;h=4b1fceb528662021a4eb88adf31a7be759f35cc3;hb=f1512b96baf74bc915b52c94c9c9b2550422b4db;hp=a57cb32e978cc60c4b8e39b0304204d1a2a29d1d;hpb=85bc700695d99d5858dbaa1448251e48df9ce747;p=privoxy.git
diff --git a/openssl.c b/openssl.c
index a57cb32e..4b1fceb5 100644
--- a/openssl.c
+++ b/openssl.c
@@ -8,7 +8,7 @@
*
* Copyright : Written by and Copyright (c) 2020 Maxim Antonov
* Copyright (C) 2017 Vaclav Svec. FIT CVUT.
- * Copyright (C) 2018-2020 by Fabian Keil
+ * Copyright (C) 2018-2022 by Fabian Keil
*
* This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
@@ -38,6 +38,13 @@
#include
#include
#include
+#ifdef _WIN32
+/* https://www.openssl.org/docs/faq.html
+ Iâve compiled a program under Windows and it crashes: Why?
+ tl,dr: because it needs this include:
+*/
+#include
+#endif /* _WIN32 */
#include "config.h"
#include "project.h"
@@ -790,17 +797,16 @@ extern int create_client_ssl_connection(struct client_state *csp)
* certificate and key inconsistence must be locked.
*/
privoxy_mutex_lock(&certificate_mutex);
-
ret = generate_host_certificate(csp);
+ privoxy_mutex_unlock(&certificate_mutex);
+
if (ret < 0)
{
log_error(LOG_LEVEL_ERROR,
"generate_host_certificate failed: %d", ret);
- privoxy_mutex_unlock(&certificate_mutex);
ret = -1;
goto exit;
}
- privoxy_mutex_unlock(&certificate_mutex);
if (!(ssl_attr->openssl_attr.ctx = SSL_CTX_new(SSLv23_server_method())))
{
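Review bot: With `privoxy_mutex_unlock(&certificate_mutex);` now placed directly after `generate_host_certificate(csp)`, the lock covers only generation, while the comment above it still speaks of protecting certificate and key consistency in general. Whatever later code in create_client_ssl_connection reads the generated certificate and key runs unlocked, which was already true on the success path before this change. If generate_host_certificate can rewrite an existing file, another thread could presumably read it mid-write. I would state the assumption next to the unlock, e.g. `/* Lock covers generation only; files are assumed complete and not rewritten in place once this returns. */`, or confirm that the files are written atomically. The function body starts and ends outside the hunk.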
@@ -1155,6 +1161,11 @@ extern int create_server_ssl_connection(struct client_state *csp)
goto exit;
}
+ /*
+ * XXX: Do we really have to do this always?
+ * Probably it's sufficient to do if the verification fails
+ * in which case we're sending the certificates to the client.
+ */
chain = SSL_get_peer_cert_chain(ssl);
if (chain)
{
@@ -1981,7 +1992,7 @@ static int generate_host_certificate(struct client_state *csp)
goto exit;
}
- issuer_name = X509_get_issuer_name(issuer_cert);
+ issuer_name = X509_get_subject_name(issuer_cert);
/*
* Loading keys from file or from buffer
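Review bot: The switch to `X509_get_subject_name(issuer_cert)` deserves a why-comment on that line, because the variable is still named issuer_name and the previous call looked just as plausible to a reader. Something like `/* The issuer of the generated certificate is the CA certificate's subject; it only equals the CA's issuer for a self-signed CA. */` would guard against a regression. The returned pointer is internal to issuer_cert and is not checked for NULL at this point. Whether that matters depends on how it is used later, and generate_host_certificate starts and ends outside the hunk.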