PackageCollectionsSigning: avoid peeking into X509_STORE_CTX (#3730)

compnerd · web-flow · commit 1ef30e333963 · 2021-09-10T09:10:28.000-07:00
This uses the `CCryptoBoringSSL_X509_STORE_CTX_get_current_cert`
accessor to access the `current_cert` member.  This is purely a cleanup
change that will become important when swift-crypto is bumped as
BoringSSL has made more of the interfaces opaque.
diff --git a/Sources/PackageCollectionsSigning/Certificate/CertificatePolicy.swift b/Sources/PackageCollectionsSigning/Certificate/CertificatePolicy.swift
@@ -182,7 +182,7 @@ extension CertificatePolicy {
                 // Certs could have unknown critical extensions and cause them to be rejected.
                 // Check if they are tolerable.
                 if errorCode == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION {
-                    guard let cert = ctx?.pointee.current_cert else {
+                    guard let ctx = ctx, let cert = CCryptoBoringSSL_X509_STORE_CTX_get_current_cert(ctx) else {
                         return result
                     }
 

Original file line number	Diff line number	Diff line change
`@@ -182,7 +182,7 @@ extension CertificatePolicy {`
`182`	`182`	`// Certs could have unknown critical extensions and cause them to be rejected.`
`183`	`183`	`// Check if they are tolerable.`
`184`	`184`	`if errorCode == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION {`
`185`		`- guard let cert = ctx?.pointee.current_cert else {`
	`185`	`+ guard let ctx = ctx, let cert = CCryptoBoringSSL_X509_STORE_CTX_get_current_cert(ctx) else {`
`186`	`186`	`return result`
`187`	`187`	`}`
`188`	`188`