crypto: Use reference count to manage cert_store

AdamMajer · MylesBorins · commit bf882fba350d · 2017-01-31T20:04:29.000-05:00
Setting reference count at the time of setting cert_store instead of trying to manage it by modifying internal states in destructor. PR-URL: #9409 Reviewed-By: Fedor Indutny <fedor@indutny.com> Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -785,6 +785,8 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
   }
 
   sc->ca_store_ = root_cert_store;
+  // Increment reference count so global store is not deleted along with CTX.
+  CRYPTO_add(&root_cert_store->references, 1, CRYPTO_LOCK_X509_STORE);
   SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
 }
 
diff --git a/src/node_crypto.h b/src/node_crypto.h
@@ -140,13 +140,6 @@ class SecureContext : public BaseObject {
   void FreeCTXMem() {
     if (ctx_) {
       env()->isolate()->AdjustAmountOfExternalAllocatedMemory(-kExternalSize);
-      if (ctx_->cert_store == root_cert_store) {
-        // SSL_CTX_free() will attempt to free the cert_store as well.
-        // Since we want our root_cert_store to stay around forever
-        // we just clear the field. Hopefully OpenSSL will not modify this
-        // struct in future versions.
-        ctx_->cert_store = nullptr;
-      }
       SSL_CTX_free(ctx_);
       if (cert_ != nullptr)
         X509_free(cert_);

Original file line number	Diff line number	Diff line change
`@@ -785,6 +785,8 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {`
`785`	`785`	`}`
`786`	`786`
`787`	`787`	`sc->ca_store_ = root_cert_store;`
	`788`	`+ // Increment reference count so global store is not deleted along with CTX.`
	`789`	`+ CRYPTO_add(&root_cert_store->references, 1, CRYPTO_LOCK_X509_STORE);`
`788`	`790`	`SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);`
`789`	`791`	`}`
`790`	`792`