fixup! tls: add allowPartialTrustChain flag

Author: addaleax

src/crypto/crypto_context.cc

@@ -761,15 +761,15 @@ void SecureContext::SetX509StoreFlag(unsigned long flags) {
 }
 
 X509_STORE* SecureContext::GetCertStoreOwnedByThisSecureContext() {
-  if (owned_cert_store_cached_ != nullptr) return owned_cert_store_cached_;
+  if (own_cert_store_cache_ != nullptr) return own_cert_store_cache_;
 
   X509_STORE* cert_store = SSL_CTX_get_cert_store(ctx_.get());
   if (cert_store == GetOrCreateRootCertStore()) {
     cert_store = NewRootCertStore();
     SSL_CTX_set_cert_store(ctx_.get(), cert_store);
   }
 
-  return owned_cert_store_cached_ = cert_store;
+  return own_cert_store_cache_ = cert_store;
 }
 
 void SecureContext::SetAllowPartialTrustChain(

src/crypto/crypto_context.h

@@ -147,7 +147,8 @@ class SecureContext final : public BaseObject {
   SSLCtxPointer ctx_;
   X509Pointer cert_;
   X509Pointer issuer_;
-  X509_STORE* owned_cert_store_cached_ = nullptr;
+  // Non-owning cache for SSL_CTX_get_cert_store(ctx_.get())
+  X509_STORE* own_cert_store_cache_ = nullptr;
 #ifndef OPENSSL_NO_ENGINE
   bool client_cert_engine_provided_ = false;
   ncrypto::EnginePointer private_key_engine_;

test/parallel/test-tls-client-allow-partial-trust-chain.js

@@ -1,20 +1,18 @@
 'use strict';
 const common = require('../common');
-
-if (!common.hasCrypto)
-  common.skip('missing crypto');
+if (!common.hasCrypto) { common.skip('missing crypto'); };
 
 const assert = require('assert');
 const { once } = require('events');
-const tls = require('tls');
 const fixtures = require('../common/fixtures');
 
 // agent6-cert.pem is signed by intermediate cert of ca3.
 // The server has a cert chain of agent6->ca3->ca1(root).
 
 const { it, beforeEach, afterEach, describe } = require('node:test');
 
-describe('allowPartialTrustChain', function() {
+describe('allowPartialTrustChain', { skip: !common.hasCrypto }, function() {
+  const tls = require('tls');
   let server;
   let client;
   let opts;