From e28e80d5b89fc422f6bdf118fa2a9b6ec5b904c9 Mon Sep 17 00:00:00 2001
From: David Benjamin
Date: Fri, 15 Sep 2017 20:23:21 -0400
Subject: [PATCH] crypto: use X509_STORE_CTX_new

In OpenSSL 1.1.0, X509_STORE_CTX is opaque and thus cannot be stack-allocated. This works in OpenSSL 1.1.0 and 1.0.2. Adapted from PR

PR-URL: https://github.com/nodejs/node/pull/16130
Backport-PR-URL: https://github.com/nodejs/node/pull/18622
Reviewed-By: Ben Noordhuis
Reviewed-By: Rod Vagg
---
 src/node_crypto.cc | 17 +++++------------
 1 file changed, 5 insertions(+), 12 deletions(-)

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 2e799ea799e4ce..441f8cdf4b954c 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -571,19 +571,12 @@ void SecureContext::SetKey(const FunctionCallbackInfo& args) {
 int SSL_CTX_get_issuer(SSL_CTX* ctx, X509* cert, X509** issuer) {
- int ret;
-
 X509_STORE* store = SSL_CTX_get_cert_store(ctx);
- X509_STORE_CTX store_ctx;
-
- ret = X509_STORE_CTX_init(&store_ctx, store, nullptr, nullptr);
- if (!ret)
- goto end;
-
- ret = X509_STORE_CTX_get1_issuer(issuer, &store_ctx, cert);
- X509_STORE_CTX_cleanup(&store_ctx);
-
- end:
+ X509_STORE_CTX* store_ctx = X509_STORE_CTX_new();
+ int ret = store_ctx != nullptr &&
+ X509_STORE_CTX_init(store_ctx, store, nullptr, nullptr) == 1 &&
+ X509_STORE_CTX_get1_issuer(issuer, store_ctx, cert) == 1;
+ X509_STORE_CTX_free(store_ctx);
 return ret;
 }
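Review bot: On the two early-failure paths of the new `int ret = ...` expression (`X509_STORE_CTX_new()` returning null, or `X509_STORE_CTX_init` failing), the `&&` chain short-circuits before `X509_STORE_CTX_get1_issuer` runs, so `*issuer` is never written and the caller only sees 0. The callers are outside this hunk, so whether they pre-initialise the pointer cannot be confirmed here; adding `*issuer = nullptr;` as the first statement would make every failure path leave a defined value. The `== 1` comparisons also fold every non-success result into 0, so "no issuer in the store" and "lookup or allocation error" are no longer distinguishable. That contract deserves a comment above the function, e.g. `// Returns 1 and stores a new reference in *issuer (caller must X509_free it); returns 0 on any failure, including allocation failure.`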