openssl: explicitly NULL initialize PKCS8_PRIV_KEY_INFO

Otherwise, PKCS8_PRIV_KEY_INFO_free will be called on an
uninitialized value if `!openssl->key` is true.

This results in WebKit TLS being broken at least with OpenSSL 3.x
and libsoup3.

Change-Id: I6cd3977f0c15c08a71600329de06f29081d66681
Part-of: <https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/201>

diff --git a/tls/openssl/gtlscertificate-openssl.c b/tls/openssl/gtlscertificate-openssl.c
index f3afc3d..7357c10 100644 (file)
--- a/tls/openssl/gtlscertificate-openssl.c
+++ b/tls/openssl/gtlscertificate-openssl.c
@@ -144,7 +144,7 @@ export_privkey_to_der (GTlsCertificateOpenssl  *openssl,
                        guint8                 **output_data,
                        long                    *output_size)
 {
-  PKCS8_PRIV_KEY_INFO *pkcs8;
+  PKCS8_PRIV_KEY_INFO *pkcs8 = NULL;
   BIO *bio = NULL;
   const guint8 *data;