Fix xfcc_integration_test by correcting SSL_get0_peer_certificate in bssl-compat

dcillera · dcillera · commit 65024b15a39d · 2025-05-30T22:17:15.000+02:00
diff --git a/bssl-compat/patch/include/openssl/pool.h.sh b/bssl-compat/patch/include/openssl/pool.h.sh
@@ -5,4 +5,5 @@ set -euo pipefail
 uncomment.sh "$1" --comment -h \
   --uncomment-func-decl 'CRYPTO_BUFFER_new' \
   --uncomment-func-decl 'CRYPTO_BUFFER_free' \
-  --uncomment-regex 'BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER,'
+  --uncomment-regex 'BORINGSSL_MAKE_DELETER(CRYPTO_BUFFER,' \
+  --uncomment-regex 'DEFINE_STACK_OF(CRYPTO_BUFFER)'
diff --git a/bssl-compat/source/SSL_get0_peer_certificates.c b/bssl-compat/source/SSL_get0_peer_certificates.c
@@ -1,13 +1,17 @@
 #include <openssl/ssl.h>
 #include <ossl.h>
 
-STACK_OF(CRYPTO_BUFFER) *criptoBuffer;
+// Dummy buffer just to return a non null value in SSL_get0_peer_certificates
+STACK_OF(CRYPTO_BUFFER) *criptoBuffer = NULL;
 
 const STACK_OF(CRYPTO_BUFFER) *SSL_get0_peer_certificates(const SSL *ssl) {
   STACK_OF(X509) *x509Temp = SSL_get_peer_cert_chain(ssl);
   if(x509Temp == NULL)
     return NULL;
-  else
+  else {
+    if(criptoBuffer == NULL) {
+      criptoBuffer = sk_CRYPTO_BUFFER_new_null();
+    }
     return criptoBuffer;
+  }
 }
-
