$OpenBSD: patch-src_third_party_asio-asio-1-11-0_asio_include_asio_ssl_impl_context_ipp,v 1.1 2021/05/10 15:10:11 tb Exp $

Index: src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp
--- src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp.orig
+++ src/third_party/asio-asio-1-11-0/asio/include/asio/ssl/impl/context.ipp
@@ -192,13 +192,14 @@ context::~context()
 {
   if (handle_)
   {
-    if (handle_->default_passwd_callback_userdata)
+    void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
+    if (cb_userdata)
     {
       detail::password_callback_base* callback =
         static_cast<detail::password_callback_base*>(
-            handle_->default_passwd_callback_userdata);
+            cb_userdata);
       delete callback;
-      handle_->default_passwd_callback_userdata = 0;
+      ::SSL_CTX_set_default_passwd_cb_userdata(handle_, 0);
     }
 
     if (SSL_CTX_get_app_data(handle_))
@@ -528,10 +529,12 @@ asio::error_code context::use_certificate_chain(
   bio_cleanup bio = { make_buffer_bio(chain) };
   if (bio.p)
   {
+    pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
+    void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
     x509_cleanup cert = {
       ::PEM_read_bio_X509_AUX(bio.p, 0,
-          handle_->default_passwd_callback,
-          handle_->default_passwd_callback_userdata) };
+          callback,
+          cb_userdata) };
     if (!cert.p)
     {
       ec = asio::error_code(ERR_R_PEM_LIB,
@@ -548,15 +551,11 @@ asio::error_code context::use_certificate_chain(
       return ec;
     }
 
-    if (handle_->extra_certs)
-    {
-      ::sk_X509_pop_free(handle_->extra_certs, X509_free);
-      handle_->extra_certs = 0;
-    }
+    ::SSL_CTX_clear_chain_certs(handle_);
 
     while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0,
-          handle_->default_passwd_callback,
-          handle_->default_passwd_callback_userdata))
+          callback,
+          cb_userdata))
     {
       if (!::SSL_CTX_add_extra_chain_cert(handle_, cacert))
       {
@@ -621,6 +620,9 @@ asio::error_code context::use_private_key(
 {
   ::ERR_clear_error();
 
+  pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
+  void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
+
   bio_cleanup bio = { make_buffer_bio(private_key) };
   if (bio.p)
   {
@@ -632,8 +634,8 @@ asio::error_code context::use_private_key(
       break;
     case context_base::pem:
       evp_private_key.p = ::PEM_read_bio_PrivateKey(
-          bio.p, 0, handle_->default_passwd_callback,
-          handle_->default_passwd_callback_userdata);
+          bio.p, 0, callback,
+          cb_userdata);
       break;
     default:
       {
@@ -680,6 +682,9 @@ asio::error_code context::use_rsa_private_key(
 {
   ::ERR_clear_error();
 
+  pem_password_cb* callback = ::SSL_CTX_get_default_passwd_cb(handle_);
+  void* cb_userdata = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
+
   bio_cleanup bio = { make_buffer_bio(private_key) };
   if (bio.p)
   {
@@ -691,8 +696,8 @@ asio::error_code context::use_rsa_private_key(
       break;
     case context_base::pem:
       rsa_private_key.p = ::PEM_read_bio_RSAPrivateKey(
-          bio.p, 0, handle_->default_passwd_callback,
-          handle_->default_passwd_callback_userdata);
+          bio.p, 0, callback,
+          cb_userdata);
       break;
     default:
       {
@@ -911,11 +916,12 @@ int context::verify_callback_function(int preverified,
 asio::error_code context::do_set_password_callback(
     detail::password_callback_base* callback, asio::error_code& ec)
 {
-  if (handle_->default_passwd_callback_userdata)
-    delete static_cast<detail::password_callback_base*>(
-        handle_->default_passwd_callback_userdata);
+  void* old_callback = ::SSL_CTX_get_default_passwd_cb_userdata(handle_);
+  ::SSL_CTX_set_default_passwd_cb_userdata(handle_, callback);
 
-  handle_->default_passwd_callback_userdata = callback;
+  if (old_callback)
+    delete static_cast<detail::password_callback_base*>(
+        old_callback);
 
   SSL_CTX_set_default_passwd_cb(handle_, &context::password_callback_function);
 
