X-Git-Url: http://www.privoxy.org/gitweb/show-status?a=blobdiff_plain;f=openssl.c;h=39f465310a07ba4e0cfadf167cccdc22bcdcb0d8;hb=de207b7461b11dce70902251c5a1cdc111f773e9;hp=a57cb32e978cc60c4b8e39b0304204d1a2a29d1d;hpb=babd5dc0098b2c1703e1c1395c5262ec293c283e;p=privoxy.git

diff --git a/openssl.c b/openssl.c
index a57cb32e..39f46531 100644
--- a/openssl.c
+++ b/openssl.c
@@ -8,7 +8,7 @@
  *
  * Copyright   :  Written by and Copyright (c) 2020 Maxim Antonov <mantonov@gmail.com>
  *                Copyright (C) 2017 Vaclav Svec. FIT CVUT.
- *                Copyright (C) 2018-2020 by Fabian Keil <fk@fabiankeil.de>
+ *                Copyright (C) 2018-2022 by Fabian Keil <fk@fabiankeil.de>
  *
  *                This program is free software; you can redistribute it
  *                and/or modify it under the terms of the GNU General
@@ -38,6 +38,13 @@
 #include <openssl/pem.h>
 #include <openssl/md5.h>
 #include <openssl/x509v3.h>
+#ifdef _WIN32
+/* https://www.openssl.org/docs/faq.html
+   I’ve compiled a program under Windows and it crashes: Why?
+   tl,dr: because it needs this include:
+*/
+#include <openssl/applink.c>
+#endif /* _WIN32 */
 
 #include "config.h"
 #include "project.h"
@@ -790,17 +797,16 @@ extern int create_client_ssl_connection(struct client_state *csp)
     * certificate and key inconsistence must be locked.
     */
    privoxy_mutex_lock(&certificate_mutex);
-
    ret = generate_host_certificate(csp);
+   privoxy_mutex_unlock(&certificate_mutex);
+
    if (ret < 0)
    {
       log_error(LOG_LEVEL_ERROR,
-         "generate_host_certificate failed: %d", ret);
-      privoxy_mutex_unlock(&certificate_mutex);
+         "generate_host_certificate() failed: %d", ret);
       ret = -1;
       goto exit;
    }
-   privoxy_mutex_unlock(&certificate_mutex);
 
    if (!(ssl_attr->openssl_attr.ctx = SSL_CTX_new(SSLv23_server_method())))
    {
@@ -1155,6 +1161,11 @@ extern int create_server_ssl_connection(struct client_state *csp)
       goto exit;
    }
 
+   /*
+    * XXX: Do we really have to do this always?
+    *      Probably it's sufficient to do if the verification fails
+    *      in which case we're sending the certificates to the client.
+    */
    chain = SSL_get_peer_cert_chain(ssl);
    if (chain)
    {
@@ -1981,7 +1992,7 @@ static int generate_host_certificate(struct client_state *csp)
       goto exit;
    }
 
-   issuer_name = X509_get_issuer_name(issuer_cert);
+   issuer_name = X509_get_subject_name(issuer_cert);
 
    /*
     * Loading keys from file or from buffer