A cosmetic change to 1.79 - a real X509 *cert is in play, don't use

that same variable to retrieve/release the quick lookup and discard of the peercert. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99244 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2003-04-05 18:18:08 +00:00
parent c5daf7a3dd
commit 0bf3ccaa6c
1 changed files with 12 additions and 8 deletions
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -209,6 +209,7 @@ int ssl_hook_Access(request_rec *r)
    int ok, i;
    BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
    X509 *cert;
+    X509 *peercert;
    X509_STORE *cert_store = NULL;
    X509_STORE_CTX cert_store_ctx;
    STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
@@ -456,10 +457,10 @@ int ssl_hook_Access(request_rec *r)

                if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
                    (verify_old == SSL_VERIFY_NONE) &&
-                    ((cert = SSL_get_peer_certificate(ssl)) != NULL))
+                    ((peercert = SSL_get_peer_certificate(ssl)) != NULL))
                {
                    renegotiate_quick = TRUE;
-                    X509_free(cert);
+                    X509_free(peercert);
                }

                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
@@ -746,14 +747,17 @@ int ssl_hook_Access(request_rec *r)
                return HTTP_FORBIDDEN;
            }

-            if (do_verify &&
-                ((cert = SSL_get_peer_certificate(ssl)) == NULL)) {
+            if (do_verify) {
+                if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
                    ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                                 "Re-negotiation handshake failed: "
                                 "Client certificate missing");

                    return HTTP_FORBIDDEN;
                }
+
+                X509_free(peercert);
+            }
        }
    }