Box client_verify_callback

OCaml 5.0 doesn't permit out-of-heap pointers.

src/ssl_stubs.c

@@ -561,7 +561,9 @@ CAMLprim value ocaml_ssl_digest(value vevp, value vcert)
 
 CAMLprim value ocaml_ssl_get_client_verify_callback_ptr(value unit)
 {
-  return (value)client_verify_callback;
+  value v = caml_alloc_small(1, Abstract_tag);
+  *((int(**) (int, X509_STORE_CTX*))Data_abstract_val(v)) = client_verify_callback;
+  return v;
 }
 
 static int client_verify_callback_verbose = 1;
@@ -610,7 +612,12 @@ CAMLprim value ocaml_ssl_ctx_set_verify(value context, value vmode, value vcallb
   }
 
   if (Is_block(vcallback))
-    callback = (int(*) (int, X509_STORE_CTX*))Field(vcallback, 0);
+  {
+    vcallback = Field(vcallback, 0);
+    if (!Is_block(vcallback) || Wosize_val(vcallback) != 1)
+      caml_invalid_argument("callback");
+    callback = *((int(**) (int, X509_STORE_CTX*))Data_abstract_val(vcallback));
+  }
 
   caml_enter_blocking_section();
   SSL_CTX_set_verify(ctx, mode, callback);