mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00

Reapply the fix *intended* by rev 1.79 in a safer manner. Prior to

all assignments and the final SSL_free(), free ssl_conn->client_cert
  to avoid leaks of this refcounted X509*.  Prereleasing refcounted
  objects is unsafe programming; fix applied to both branches.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99252 13f79535-47bb-0310-9956-ffa450edef68
William A. Rowe Jr
2003-04-05 19:04:44 +00:00
parent f2b610bc53
commit 067c217ce4
2 changed files with 14 additions and 2 deletions


@@ -728,6 +728,9 @@ int ssl_hook_Access(request_rec *r)
* Remember the peer certificate's DN
*/
if ((cert = SSL_get_peer_certificate(ssl))) {
if (sslconn->client_cert) {
X509_free(sslconn->client_cert);
}
sslconn->client_cert = cert;
sslconn->client_dn = NULL;
}
@@ -1276,8 +1279,11 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
"Certificate Verification: Error (%d): %s",
errnum, X509_verify_cert_error_string(errnum));
if (sslconn->client_cert) {
X509_free(sslconn->client_cert);
sslconn->client_cert = NULL;
}
sslconn->client_dn = NULL;
sslconn->client_cert = NULL;
sslconn->verify_error = X509_verify_cert_error_string(errnum);
}