From db54269c06e32c363877fda37fdabd86086f6fb8 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 27 Jul 2021 14:27:18 +0200 Subject: [PATCH] [mod_wolfssl] wolfSSL_sk_X509_NAME_push change adjust code for wolfSSL_sk_X509_NAME_push() interface change in wolfssl v4.8.0 [gstrauss: edited var names, whitespace, comments, commit message] x-ref: "[wolfssl] Correct return check for wolfSSL_sk_X509_NAME_push" https://github.com/lighttpd/lighttpd1.4/pull/107 github: closes #107 --- src/mod_wolfssl.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c index d410b0bb..4daca8e3 100644 --- a/src/mod_wolfssl.c +++ b/src/mod_wolfssl.c @@ -811,6 +811,9 @@ mod_wolfssl_load_client_CA_file (const buffer *ssl_ca_file, log_error_st *errh) return NULL; } + /* wolfSSL_sk_X509_NAME_push prior to version 4.8.0 returned 0 on success. + * The return value was changed to WOLFSSL_SUCCESS (not 0) from 4.8.0. */ + const int x = wolfSSL_lib_version_hex() < 0x04008000 ? 0 : WOLFSSL_SUCCESS; for (int i = 0; NULL != certs[i]; ++i) { WOLFSSL_X509 *ca = wolfSSL_X509_load_certificate_buffer((unsigned char *)certs[i]->ptr, @@ -819,7 +822,7 @@ mod_wolfssl_load_client_CA_file (const buffer *ssl_ca_file, log_error_st *errh) WOLFSSL_X509_NAME *subj = NULL; if (NULL == ca || NULL == (subj = wolfSSL_X509_get_subject_name(ca)) - || 0 != wolfSSL_sk_X509_NAME_push(canames, + || x != wolfSSL_sk_X509_NAME_push(canames, wolfSSL_X509_NAME_dup(subj))) { log_error(errh, __FILE__, __LINE__, "SSL: couldn't read X509 certificates from '%s'", 
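Review bot: The success value picked in `const int x = wolfSSL_lib_version_hex() < 0x04008000 ? 0 : WOLFSSL_SUCCESS;` is later tested with `x !=`, so on 4.8.0 and newer any return other than exactly WOLFSSL_SUCCESS counts as a failure. That fails closed (CA loading is refused rather than a CA list being silently accepted), but it ties the module to one exact return value. If a later wolfSSL release returned the element count as OpenSSL's sk_push does (not established by this page, so check the wolfSSL headers), a multi-certificate CA file would stop loading. A comment stating that assumption, plus a descriptive name such as `push_ok` in place of `x`, would make the comparison in the following hunk readable on its own. The same three lines are added in mod_wolfssl_load_cacerts.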
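Review bot: In the `|| x != wolfSSL_sk_X509_NAME_push(canames, wolfSSL_X509_NAME_dup(subj))` condition the duplicated name is never held in a variable, so a NULL result from the dup is not distinguished from a push failure, and when the push fails the duplicate has no owner left to free it. Keeping it in a local, e.g. `WOLFSSL_X509_NAME *dup = wolfSSL_X509_NAME_dup(subj);`, checking it for NULL and calling `wolfSSL_X509_NAME_free(dup)` on the failure path would close that gap. The error branch continues outside the hunk, so whatever cleanup it does cannot reach the unnamed duplicate. The same expression appears in the last hunk, in mod_wolfssl_load_cacerts.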
@@ -865,6 +868,9 @@ mod_wolfssl_load_cacerts (const buffer *ssl_ca_file, log_error_st *errh) return NULL; } + /* wolfSSL_sk_X509_NAME_push prior to version 4.8.0 returned 0 on success. + * The return value was changed to WOLFSSL_SUCCESS (not 0) from 4.8.0. */ + const int x = wolfSSL_lib_version_hex() < 0x04008000 ? 0 : WOLFSSL_SUCCESS; for (int i = 0; NULL != certs[i]; ++i) { WOLFSSL_X509 *ca = wolfSSL_X509_load_certificate_buffer((unsigned char *)certs[i]->ptr, @@ -873,7 +879,7 @@ mod_wolfssl_load_cacerts (const buffer *ssl_ca_file, log_error_st *errh) WOLFSSL_X509_NAME *subj = NULL; if (NULL == ca || !wolfSSL_X509_STORE_add_cert(castore, ca) || NULL == (subj = wolfSSL_X509_get_subject_name(ca)) - || 0 != wolfSSL_sk_X509_NAME_push(canames, + || x != wolfSSL_sk_X509_NAME_push(canames, wolfSSL_X509_NAME_dup(subj))) { log_error(errh, __FILE__, __LINE__, "SSL: couldn't read X509 certificates from '%s'",
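Review bot: The comment and the `const int x = ...` line added here are a verbatim copy of the block added to mod_wolfssl_load_client_CA_file, so the version threshold `0x04008000` now lives in two places that have to be kept in step. A small file-local helper holding the comment and the version test once, used by both loops, would keep the two CA-loading paths from drifting apart if the return convention changes again. Both function bodies start and end outside the hunks shown, so any existing shared helper is not visible from here.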