From a9ba0299e2f9b849189df6992b750960328bc88f Mon Sep 17 00:00:00 2001
From: Edward Thomson <ethomson@edwardthomson.com>
Date: Fri, 4 Oct 2024 21:56:11 +0100
Subject: [PATCH 1/2] hashmap: add some asserts

Quiet down static code analysis.
---
 src/util/hashmap.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/util/hashmap.h b/src/util/hashmap.h
index b5fd9bce1..dbb88f665 100644
--- a/src/util/hashmap.h
+++ b/src/util/hashmap.h
@@ -340,6 +340,9 @@ typedef uint32_t git_hashmap_iter_t;
 		int error = name##__put_idx(&idx, &key_exists, h, key); \
 		if (error) \
 			return error; \
+		GIT_ASSERT((h)->flags); \
+		GIT_ASSERT((h)->keys); \
+		GIT_ASSERT((h)->keys); \
 		if (!key_exists)  \
 			(h)->keys[idx] = key; \
 		(h)->vals[idx] = val; \
@@ -382,8 +385,11 @@ typedef uint32_t git_hashmap_iter_t;
 		int error = name##__put_idx(&idx, &key_exists, h, key); \
 		if (error) \
 			return error; \
-		if (!key_exists)  \
+		GIT_ASSERT((h)->flags); \
+		GIT_ASSERT((h)->keys); \
+		if (!key_exists) { \
 			(h)->keys[idx] = key; \
+		} \
 		return 0; \
 	} \
 	GIT_UNUSED_FUNCTION scope int name##_iterate(git_hashmap_iter_t *iter, key_t *key, name *h) \

From e7db282676056fef5ec3a1dbe58e41dc80a015c2 Mon Sep 17 00:00:00 2001
From: Edward Thomson <ethomson@edwardthomson.com>
Date: Fri, 4 Oct 2024 22:16:09 +0100
Subject: [PATCH 2/2] openssl: dynamic loading fixes

---
 src/libgit2/streams/openssl_dynamic.c | 2 ++
 src/libgit2/streams/openssl_dynamic.h | 2 ++
 tests/libgit2/online/customcert.c     | 4 ++--
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/libgit2/streams/openssl_dynamic.c b/src/libgit2/streams/openssl_dynamic.c
index fc65fc619..fe679526f 100644
--- a/src/libgit2/streams/openssl_dynamic.c
+++ b/src/libgit2/streams/openssl_dynamic.c
@@ -65,6 +65,7 @@ int (*SSL_write)(SSL *ssl, const void *buf, int num);
 long (*SSL_CTX_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
 void (*SSL_CTX_free)(SSL_CTX *ctx);
 SSL_CTX *(*SSL_CTX_new)(const SSL_METHOD *method);
+X509_STORE *(*SSL_CTX_get_cert_store)(const SSL_CTX *);
 int (*SSL_CTX_set_cipher_list)(SSL_CTX *ctx, const char *str);
 int (*SSL_CTX_set_default_verify_paths)(SSL_CTX *ctx);
 long (*SSL_CTX_set_options)(SSL_CTX *ctx, long options);
@@ -195,6 +196,7 @@ int git_openssl_stream_dynamic_init(void)
 	SSL_CTX_ctrl = (long (*)(SSL_CTX *, int, long, void *))openssl_sym(&err, "SSL_CTX_ctrl", true);
 	SSL_CTX_free = (void (*)(SSL_CTX *))openssl_sym(&err, "SSL_CTX_free", true);
 	SSL_CTX_new = (SSL_CTX *(*)(const SSL_METHOD *))openssl_sym(&err, "SSL_CTX_new", true);
+	SSL_CTX_get_cert_store = (X509_STORE *(*)(const SSL_CTX *))openssl_sym(&err, "SSL_CTX_get_cert_store", true);
 	SSL_CTX_set_cipher_list = (int (*)(SSL_CTX *, const char *))openssl_sym(&err, "SSL_CTX_set_cipher_list", true);
 	SSL_CTX_set_default_verify_paths = (int (*)(SSL_CTX *ctx))openssl_sym(&err, "SSL_CTX_set_default_verify_paths", true);
 	SSL_CTX_set_options = (long (*)(SSL_CTX *, long))openssl_sym(&err, "SSL_CTX_set_options", false);
diff --git a/src/libgit2/streams/openssl_dynamic.h b/src/libgit2/streams/openssl_dynamic.h
index 34f7c749b..e59f1f93b 100644
--- a/src/libgit2/streams/openssl_dynamic.h
+++ b/src/libgit2/streams/openssl_dynamic.h
@@ -204,6 +204,7 @@ typedef void SSL_METHOD;
 typedef void X509;
 typedef void X509_NAME;
 typedef void X509_NAME_ENTRY;
+typedef void X509_STORE;
 typedef void X509_STORE_CTX;
 
 typedef struct {
@@ -309,6 +310,7 @@ extern int (*SSL_write)(SSL *ssl, const void *buf, int num);
 extern long (*SSL_CTX_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
 extern void (*SSL_CTX_free)(SSL_CTX *ctx);
 extern SSL_CTX *(*SSL_CTX_new)(const SSL_METHOD *method);
+extern X509_STORE *(*SSL_CTX_get_cert_store)(const SSL_CTX *ctx);
 extern int (*SSL_CTX_set_cipher_list)(SSL_CTX *ctx, const char *str);
 extern int (*SSL_CTX_set_default_verify_paths)(SSL_CTX *ctx);
 extern long (*SSL_CTX_set_options)(SSL_CTX *ctx, long options);
diff --git a/tests/libgit2/online/customcert.c b/tests/libgit2/online/customcert.c
index 3acb88064..89694b5f4 100644
--- a/tests/libgit2/online/customcert.c
+++ b/tests/libgit2/online/customcert.c
@@ -10,7 +10,7 @@
 #include "str.h"
 #include "streams/openssl.h"
 
-#ifdef GIT_OPENSSL
+#if (GIT_OPENSSL && !GIT_OPENSSL_DYNAMIC)
 # include <openssl/ssl.h>
 # include <openssl/err.h>
 # include <openssl/x509v3.h>
@@ -91,7 +91,7 @@ void test_online_customcert__path(void)
 
 void test_online_customcert__raw_x509(void)
 {
-#ifdef GIT_OPENSSL
+#if (GIT_OPENSSL && !GIT_OPENSSL_DYNAMIC)
 	X509* x509_cert = NULL;
 	char cwd[GIT_PATH_MAX];
 	git_str raw_file = GIT_STR_INIT,