Locking issues.
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 130bb79..85d58c8 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c
@@ -129,15 +129,23 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void) { - static int ssl_x509_store_ctx_idx= -1; + static volatile int ssl_x509_store_ctx_idx= -1; - /* FIXME: should do locking */ if (ssl_x509_store_ctx_idx < 0) { - ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( - 0,"SSL for verify callback",NULL,NULL,NULL); + /* any write lock will do; usually this branch + * will only be taken once anyway */ + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + + if (ssl_x509_store_ctx_idx < 0) + { + ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( + 0,"SSL for verify callback",NULL,NULL,NULL); + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); } - return(ssl_x509_store_ctx_idx); + return ssl_x509_store_ctx_idx; } CERT *ssl_cert_new(void) @@ -452,13 +460,15 @@ if (SSL_get_verify_depth(s) >= 0) X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); + /* We need to set the verify purpose. The purpose can be determined by * the context: if its a server it will verify SSL client certificates * or vice versa. - */ - - if(s->server) i = X509_PURPOSE_SSL_CLIENT; - else i = X509_PURPOSE_SSL_SERVER; + */ + if (s->server) + i = X509_PURPOSE_SSL_CLIENT; + else + i = X509_PURPOSE_SSL_SERVER; X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);