Purge certificates only when expanding plaintext buffer

2025-04-19 23:22:16 +03:00 · 2016-06-13 00:50:25 +08:00 · 2016-06-13 00:50:25 +08:00 · ab516f799d
commit ab516f799d
parent f41146fb17
1 changed files with 3 additions and 8 deletions
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
@ -288,10 +288,6 @@ EXP_FUNC int STDCALL ssl_write(SSL *ssl, const uint8_t *out_data, int out_len)
    int n = out_len, nw, i, tot = 0;
    /* maximum size of a TLS packet is around 16kB, so fragment */

-    if (ssl->can_free_certificates) {
-        certificate_free(ssl);
-    }
-
    do 
    {
        nw = n;
@ -1226,10 +1222,6 @@ int basic_read(SSL *ssl, uint8_t **in_data)
    int read_len, is_client = IS_SET_SSL_FLAG(SSL_IS_CLIENT);
    uint8_t *buf = ssl->bm_data;

-    if (ssl->can_free_certificates) {
-        certificate_free(ssl);
-    }
-
    read_len = SOCKET_READ(ssl->client_fd, &buf[ssl->bm_read_index], 
                            ssl->need_bytes-ssl->got_bytes);

@ -1436,6 +1428,9 @@ int increase_bm_data_size(SSL *ssl, size_t size)
    if (ssl->max_plain_length == RT_MAX_PLAIN_LENGTH) {
        return SSL_OK;
    }
+    if (ssl->can_free_certificates) {
+        certificate_free(ssl);
+    }
    size_t required = (size + 1023) & ~(1023); // round up to 1k
    required = (required < RT_MAX_PLAIN_LENGTH) ? required : RT_MAX_PLAIN_LENGTH;
    uint8_t* new_bm_all_data = (uint8_t*) realloc(ssl->bm_all_data, required + RT_EXTRA);