[3.11] gh-114572: Fix locking in cert_store_stats and get_ca_certs (GH-114573) (#115549)
gh-114572: Fix locking in cert_store_stats and get_ca_certs (GH-114573) * gh-114572: Fix locking in cert_store_stats and get_ca_certs cert_store_stats and get_ca_certs query the SSLContext's X509_STORE with X509_STORE_get0_objects, but reading the result requires a lock. See https://github.com/openssl/openssl/pull/23224 for details. Instead, use X509_STORE_get1_objects, newly added in that PR. X509_STORE_get1_objects does not exist in current OpenSSLs, but we can polyfill it with X509_STORE_lock and X509_STORE_unlock. * Work around const-correctness problem * Add missing X509_STORE_get1_objects failure check * Add blurb (cherry picked from commit bce693111bff906ccf9281c22371331aaff766ab) Co-authored-by: David Benjamin <davidben@google.com>
M
Miss Islington (bot) committed
01c37f1d0714f5822d34063ca7180b595abf589d
Parent: 5a0d51b
Committed by GitHub <noreply@github.com>
on 2/20/2024, 4:34:44 PM