From 6d559bf1dad5611f15165645aaad3c465cf6e0fe Mon Sep 17 00:00:00 2001
From: Steven Fackler <sfackler@gmail.com>
Date: Tue, 15 Dec 2015 19:39:24 -0800
Subject: [PATCH] Cleanup SNI stuff

---
 openssl-sys-extras/src/lib.rs         |  2 --
 openssl-sys-extras/src/openssl_shim.c |  5 -----
 openssl/src/c_helpers.c               |  4 ++++
 openssl/src/ssl/mod.rs                | 19 ++++++-------------
 4 files changed, 10 insertions(+), 20 deletions(-)

diff --git a/openssl-sys-extras/src/lib.rs b/openssl-sys-extras/src/lib.rs
index f8751d18..08d9e3d2 100644
--- a/openssl-sys-extras/src/lib.rs
+++ b/openssl-sys-extras/src/lib.rs
@@ -77,6 +77,4 @@ extern {
     pub fn SSL_CTX_set_tlsext_servername_callback(ssl: *mut SSL_CTX, callback: Option<extern fn()>);
     #[link_name = "SSL_CTX_set_tlsext_servername_arg_shim"]
     pub fn SSL_CTX_set_tlsext_servername_arg(ssl: *mut SSL_CTX, arg: *const c_void);
-    #[link_name = "SSL_CTX_increment_refcount_shim"]
-    pub fn SSL_CTX_increment_refcount(ssl: *mut SSL_CTX) -> c_long;
 }
diff --git a/openssl-sys-extras/src/openssl_shim.c b/openssl-sys-extras/src/openssl_shim.c
index 3acd3d50..c3deeebc 100644
--- a/openssl-sys-extras/src/openssl_shim.c
+++ b/openssl-sys-extras/src/openssl_shim.c
@@ -139,11 +139,6 @@ long SSL_CTX_set_tlsext_servername_arg_shim(SSL_CTX *ctx, void* arg) {
     return SSL_CTX_set_tlsext_servername_arg(ctx, arg);
 }
 
-long SSL_CTX_increment_refcount_shim(SSL_CTX *ctx) {
-    int i = CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
-    return i;
-}
-
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
 int SSL_CTX_set_ecdh_auto_shim(SSL_CTX *ctx, int onoff) {
     return SSL_CTX_set_ecdh_auto(ctx, onoff);
diff --git a/openssl/src/c_helpers.c b/openssl/src/c_helpers.c
index 3739cfc2..402c36ec 100644
--- a/openssl/src/c_helpers.c
+++ b/openssl/src/c_helpers.c
@@ -3,3 +3,7 @@
 void rust_SSL_clone(SSL *ssl) {
     CRYPTO_add(&ssl->references, 1, CRYPTO_LOCK_SSL);
 }
+
+void rust_SSL_CTX_clone(SSL_CTX *ctx) {
+    CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
+}
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 6558e1a4..3b22c755 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -41,6 +41,7 @@ pub use ssl::error::Error;
 
 extern "C" {
     fn rust_SSL_clone(ssl: *mut ffi::SSL);
+    fn rust_SSL_CTX_clone(cxt: *mut ffi::SSL_CTX);
 }
 
 static mut VERIFY_IDX: c_int = -1;
@@ -297,20 +298,15 @@ extern fn raw_verify_with_data<T>(preverify_ok: c_int,
         let verify: Option<VerifyCallbackData<T>> = mem::transmute(verify);
 
         let data = ffi::SSL_CTX_get_ex_data(ssl_ctx, get_verify_data_idx::<T>());
-        let data: Box<T> = mem::transmute(data);
+        let data: &T = mem::transmute(data);
 
         let ctx = X509StoreContext::new(x509_ctx);
 
         let res = match verify {
             None => preverify_ok,
-            Some(verify) => verify(preverify_ok != 0, &ctx, &*data) as c_int
+            Some(verify) => verify(preverify_ok != 0, &ctx, data) as c_int
         };
 
-        // Since data might be required on the next verification
-        // it is time to forget about it and avoid dropping
-        // data will be freed once OpenSSL considers it is time
-        // to free all context data
-        mem::forget(data);
         res
     }
 }
@@ -321,6 +317,7 @@ extern fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, _arg: *mut c_void)
         let ssl_ctx = ffi::SSL_get_SSL_CTX(ssl);
         let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX);
         let callback: Option<ServerNameCallback> = mem::transmute(callback);
+        rust_SSL_clone(ssl);
         let mut s = Ssl { ssl: ssl };
 
         let res = match callback {
@@ -328,8 +325,6 @@ extern fn raw_sni(ssl: *mut ffi::SSL, ad: &mut c_int, _arg: *mut c_void)
             Some(callback) => callback(&mut s, ad)
         };
 
-        // Allows dropping the Ssl instance without calling SSL_FREE on the SSL object
-        mem::forget(s);
         res
     }
 }
@@ -341,6 +336,7 @@ extern fn raw_sni_with_data<T>(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_v
 
         let callback = ffi::SSL_CTX_get_ex_data(ssl_ctx, SNI_IDX);
         let callback: Option<ServerNameCallbackData<T>> = mem::transmute(callback);
+        rust_SSL_clone(ssl);
         let mut s = Ssl { ssl: ssl };
 
         let data: &T = mem::transmute(arg);
@@ -350,9 +346,6 @@ extern fn raw_sni_with_data<T>(ssl: *mut ffi::SSL, ad: &mut c_int, arg: *mut c_v
             Some(callback) => callback(&mut s, ad, &*data)
         };
 
-        // Allows dropping the Ssl instance without calling SSL_FREE on the SSL object
-        mem::forget(s);
-
         // Since data might be required on the next verification
         // it is time to forget about it and avoid dropping
         // data will be freed once OpenSSL considers it is time
@@ -984,7 +977,7 @@ impl Ssl {
     pub fn get_ssl_context(&self) -> SslContext {
         unsafe {
             let ssl_ctx = ffi::SSL_get_SSL_CTX(self.ssl);
-            ffi_extras::SSL_CTX_increment_refcount(ssl_ctx);
+            rust_SSL_CTX_clone(ssl_ctx);
             SslContext { ctx: ssl_ctx }
         }
     }