www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

A cosmetic change to 1.79 - a real X509 *cert is in play, don't use

Browse Source 
that same variable to retrieve/release the quick lookup and discard
  of the peercert.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99244 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
William A. Rowe Jr
2003-04-05 18:18:08 +00:00
parent c5daf7a3dd
commit 0bf3ccaa6c
1 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
modules/ssl/ssl_engine_kernel.c
View File

@@ -209,6 +209,7 @@ int ssl_hook_Access(request_rec *r)
int ok, i; int ok, i;
BOOL renegotiate = FALSE, renegotiate_quick = FALSE; BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
X509 *cert; X509 *cert;
X509 *peercert;
X509_STORE *cert_store = NULL; X509_STORE *cert_store = NULL;
X509_STORE_CTX cert_store_ctx; X509_STORE_CTX cert_store_ctx;
STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL; STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
@@ -456,10 +457,10 @@ int ssl_hook_Access(request_rec *r)
if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) && if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
(verify_old == SSL_VERIFY_NONE) && (verify_old == SSL_VERIFY_NONE) &&
((cert = SSL_get_peer_certificate(ssl)) != NULL)) ((peercert = SSL_get_peer_certificate(ssl)) != NULL))
{ {
renegotiate_quick = TRUE; renegotiate_quick = TRUE;
X509_free(cert); X509_free(peercert);
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
@@ -746,13 +747,16 @@ int ssl_hook_Access(request_rec *r)
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
} }
if (do_verify && if (do_verify) {
((cert = SSL_get_peer_certificate(ssl)) == NULL)) { if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Re-negotiation handshake failed: " "Re-negotiation handshake failed: "
"Client certificate missing"); "Client certificate missing");
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
}
X509_free(peercert);
} }
} }
} }