From a8117990d83657e6232d49e9ed71b6b058bbb113 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Przemys=C5=82aw=20Czerpak?= Date: Tue, 28 Jan 2025 13:46:38 +0100 Subject: [PATCH] 2025-01-28 13:46 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * contrib/hbssl/hbssl.h * contrib/hbssl/evppkey.c * contrib/hbssl/rsa.c * reenabled hb_RSA_par_remove() for old OpenSSL() versions (<=0.9.6) which do not support RSA_up_ref() * contrib/hbssl/ssl.c ! use x509 = X509_dup( x509 ); X509_check_purpose( x509, -1, 0 ); instead of X509_up_ref( x509 ); in OpenSSL versions prior 0x10100000L - they do not support X509_up_ref() * contrib/hbssl/x509.c * check passed parameters more strictly * return NIL when X509 certificate cannot be allocated/accessed --- ChangeLog.txt | 19 +++++++++++++++++++ contrib/hbssl/evppkey.c | 4 ++++ contrib/hbssl/hbssl.h | 1 + contrib/hbssl/rsa.c | 8 ++++++++ contrib/hbssl/ssl.c | 11 +++++++++++ contrib/hbssl/x509.c | 15 +++++++++++---- 6 files changed, 54 insertions(+), 4 deletions(-) diff --git a/ChangeLog.txt b/ChangeLog.txt index 8afb8f245a..5389cf2b7c 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -7,6 +7,25 @@ Entries may not always be in chronological/commit order. See license at the end of file. */ +2025-01-28 13:46 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) + * contrib/hbssl/hbssl.h + * contrib/hbssl/evppkey.c + * contrib/hbssl/rsa.c + * reenabled hb_RSA_par_remove() for old OpenSSL() versions (<=0.9.6) which + do not support RSA_up_ref() + + * contrib/hbssl/ssl.c + ! use + x509 = X509_dup( x509 ); + X509_check_purpose( x509, -1, 0 ); + instead of + X509_up_ref( x509 ); + in OpenSSL versions prior 0x10100000L - they do not support X509_up_ref() + + * contrib/hbssl/x509.c + * check passed parameters more strictly + * return NIL when X509 certificate cannot be allocated/accessed + 2025-01-28 12:23 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl) * contrib/hbssl/bio.c ! do not leave dummy BIO declaration for OpenSSL < 1.1.0 
diff --git a/contrib/hbssl/evppkey.c b/contrib/hbssl/evppkey.c
index 56977f471f..77ee457d62 100644
--- a/contrib/hbssl/evppkey.c
+++ b/contrib/hbssl/evppkey.c
@@ -238,7 +238,11 @@ HB_FUNC( EVP_PKEY_ASSIGN_RSA )
 res = EVP_PKEY_assign_RSA( pkey, key );
 if( res != 0 )
+#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
 RSA_up_ref( key );
+#else
+ hb_RSA_par_remove( 2 );
+#endif
 }
 hb_retni( res );
 }
diff --git a/contrib/hbssl/hbssl.h b/contrib/hbssl/hbssl.h
index f3b055867b..9ce82b327f 100644
--- a/contrib/hbssl/hbssl.h
+++ b/contrib/hbssl/hbssl.h
@@ -219,6 +219,7 @@ extern void hb_X509_ret( X509 * x509 );
 extern HB_BOOL hb_RSA_is( int iParam );
 extern RSA * hb_RSA_par( int iParam );
+extern void hb_RSA_par_remove( int iParam );
 extern void hb_RSA_ret( RSA * rsa );
 extern HB_BOOL hb_EVP_MD_is( int iParam );
diff --git a/contrib/hbssl/rsa.c b/contrib/hbssl/rsa.c
index ff60137e47..5160b5c13e 100644
--- a/contrib/hbssl/rsa.c
+++ b/contrib/hbssl/rsa.c
@@ -81,6 +81,14 @@ RSA * hb_RSA_par( int iParam )
 return ph ? ( RSA * ) *ph : NULL;
 }
+void hb_RSA_par_remove( int iParam )
+{
+ void ** ph = ( void ** ) hb_parptrGC( &s_gcRSA_funcs, iParam );
+
+ if( ph && * ph )
+ *ph = NULL;
+}
+
 void hb_RSA_ret( RSA * rsa )
 {
 void ** ph = ( void ** ) hb_gcAllocate( sizeof( RSA * ), &s_gcRSA_funcs );
diff --git a/contrib/hbssl/ssl.c b/contrib/hbssl/ssl.c
index ef7f0ffa05..a82b363dc8 100644
--- a/contrib/hbssl/ssl.c
+++ b/contrib/hbssl/ssl.c
@@ -72,6 +72,9 @@
 #endif
 #include "hbssl.h"
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#include
+#endif
 #include "hbapiitm.h"
 #include "hbvm.h"
@@ -1433,7 +1436,15 @@ HB_FUNC( SSL_GET_CERTIFICATE )
 X509 * x509 = SSL_get_certificate( ssl );
 if( x509 )
+ {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 X509_up_ref( x509 );
+#else
+ x509 = X509_dup( x509 );
+ if( x509 )
+ X509_check_purpose( x509, -1, 0 );
+#endif
+ }
 hb_X509_ret( x509 );
 }
 }
diff --git a/contrib/hbssl/x509.c b/contrib/hbssl/x509.c
index 40720b375e..2d50482e26 100644
--- a/contrib/hbssl/x509.c
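Review bot: In EVP_PKEY_ASSIGN_RSA the two preprocessor branches leave the caller's RSA handle in different states after a successful `EVP_PKEY_assign_RSA()`: with `RSA_up_ref( key )` the Harbour-side handle keeps its pointer, while `hb_RSA_par_remove( 2 )` clears it, so later use of that variable sees no key. That difference decides who frees the key and should be recorded next to the `#if`, e.g. `/* pkey now owns key: keep our handle through an extra reference, or detach it where RSA_up_ref() is unavailable */`. The result of `RSA_up_ref()` is discarded, so if the increment ever failed the EVP_PKEY and the GC holder would presumably both release the same reference. Bracing the `if( res != 0 )` body would keep the one-statement-per-branch assumption from breaking if either branch grows. The function body starts outside the hunk.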
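Review bot: `hb_RSA_par_remove()` in rsa.c carries no comment saying that it drops the stored pointer without freeing it, which turns it into a leak if it is ever called before ownership has moved to another object. A header comment such as `/* detach the RSA from its GC holder without freeing it; call only after another object took ownership */` would make the contract explicit. The `* ph` test before the store is redundant, `if( ph ) *ph = NULL;` has the same effect. Whether the holder's release function tolerates an empty slot is not visible in this hunk and is worth confirming.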
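Review bot: In the `#else` branch of SSL_GET_CERTIFICATE the result of `X509_check_purpose( x509, -1, 0 )` is discarded with no explanation, so it reads like a dropped validation; if the call is there only for its side effect on the duplicated certificate, say so, e.g. `/* fills the cached extension data of the copy; result intentionally ignored */`. In the other branch the return value of `X509_up_ref( x509 )` is ignored and the pointer is still passed to `hb_X509_ret()`, which would then presumably release a reference it never acquired; `if( ! X509_up_ref( x509 ) ) x509 = NULL;` avoids that. The old-version path also hands back a copy rather than the connection's own object, which is worth a word in the same comment. The function starts outside the hunk.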
+++ b/contrib/hbssl/x509.c
@@ -85,7 +85,9 @@ static const HB_GC_FUNCS s_gcX509_funcs =
 HB_BOOL hb_X509_is( int iParam )
 {
- return hb_parptrGC( &s_gcX509_funcs, iParam ) != NULL;
+ PHB_X509 ph = ( PHB_X509 ) hb_parptrGC( &s_gcX509_funcs, iParam );
+
+ return ph && ph->pX509;
 }
 X509 * hb_X509_par( int iParam )
@@ -97,11 +99,16 @@ X509 * hb_X509_par( int iParam )
 void hb_X509_ret( X509 * x509 )
 {
- PHB_X509 ph = ( PHB_X509 ) hb_gcAllocate( sizeof( HB_X509 ), &s_gcX509_funcs );
+ if( x509 )
+ {
+ PHB_X509 ph = ( PHB_X509 ) hb_gcAllocate( sizeof( HB_X509 ), &s_gcX509_funcs );
- ph->pX509 = x509;
+ ph->pX509 = x509;
- hb_retptrGC( ( void * ) ph );
+ hb_retptrGC( ( void * ) ph );
+ }
+ else
+ hb_ret();
 }
 HB_FUNC( X509_GET_SUBJECT_NAME )
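Review bot: `hb_X509_is()` now rejects a holder whose `pX509` is NULL, but the reason is not recorded in the code; a short comment such as `/* a holder with an empty pX509 is not a usable certificate */` would help the next reader. `hb_X509_par()` directly below is visible here only by its signature, so it is worth confirming that it applies the same two-step check and cannot return a pointer from a holder this function would reject.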
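Review bot: `hb_X509_ret()` stores the pointer it is given without taking a reference of its own, so it appears to assume ownership of the caller's reference, and neither that contract nor the new NIL result is documented. A header comment like `/* takes over one reference to x509; returns NIL when x509 is NULL */` would cover both. Harbour-level callers that previously always received a pointer item now need to test for NIL before passing the value on. The `else` branch is unbraced while the `if` branch is braced; `else { hb_ret(); }` would match.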