Blame SOURCES/0001-https-segfault.patch

a233a8
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
a233a8
index aa2dafe..a327b23 100644
a233a8
--- a/src/node_crypto.cc
a233a8
+++ b/src/node_crypto.cc
a233a8
@@ -120,13 +120,13 @@ static X509_NAME *cnnic_ev_name =
a233a8
 
a233a8
 static Mutex* mutexes;
a233a8
 
a233a8
-static const char* const root_certs[] = {
a233a8
+const char* const root_certs[] = {
a233a8
 #include "node_root_certs.h"  // NOLINT(build/include_order)
a233a8
 };
a233a8
 
a233a8
-static std::string extra_root_certs_file;  // NOLINT(runtime/string)
a233a8
+std::string extra_root_certs_file;  // NOLINT(runtime/string)
a233a8
 
a233a8
-static X509_STORE* root_cert_store;
a233a8
+X509_STORE* root_cert_store;
a233a8
 
a233a8
 // Just to generate static methods
a233a8
 template class SSLWrap<TLSWrap>;
a233a8
@@ -865,8 +865,6 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
a233a8
     }
a233a8
   }
a233a8
 
a233a8
-  // Increment reference count so global store is not deleted along with CTX.
a233a8
-  X509_STORE_up_ref(root_cert_store);
a233a8
   SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
a233a8
 }
a233a8
 
a233a8
diff --git a/src/node_crypto.h b/src/node_crypto.h
a233a8
index 746c954..06a9017 100644
a233a8
--- a/src/node_crypto.h
a233a8
+++ b/src/node_crypto.h
a233a8
@@ -63,6 +63,8 @@ enum CheckResult {
a233a8
 
a233a8
 extern int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx);
a233a8
 
a233a8
+extern X509_STORE* root_cert_store;
a233a8
+
a233a8
 extern void UseExtraCaCerts(const std::string& file);
a233a8
 
a233a8
 // Forward declaration
a233a8
@@ -143,6 +145,13 @@ class SecureContext : public BaseObject {
a233a8
     }
a233a8
 
a233a8
     env()->isolate()->AdjustAmountOfExternalAllocatedMemory(-kExternalSize);
a233a8
+    if (ctx_->cert_store == root_cert_store) {
a233a8
+      // SSL_CTX_free() will attempt to free the cert_store as well.
a233a8
+      // Since we want our root_cert_store to stay around forever
a233a8
+      // we just clear the field. Hopefully OpenSSL will not modify this
a233a8
+      // struct in future versions.
a233a8
+      ctx_->cert_store = nullptr;
a233a8
+    }
a233a8
     SSL_CTX_free(ctx_);
a233a8
     if (cert_ != nullptr)
a233a8
       X509_free(cert_);