ssl_callback_SSLVerify() was calling (the expensive) X509_NAME_oneline()

function and free() of the return value twice each, for logging
regardless of SSLLogLevel.  changed to happen only if SSLLogLevel >= trace
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92236 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_kernel.c

@@ -1235,8 +1235,6 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
     X509 *xs;
     int errnum;
     int errdepth;
-    char *cp;
-    char *cp2;
     int depth;
     int verify;
 
@@ -1261,16 +1259,18 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
     /*
      * Log verification information
      */
-    cp  = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
+    if (sc->nLogLevel >= SSL_LOG_TRACE) {
-    cp2 = X509_NAME_oneline(X509_get_issuer_name(xs),  NULL, 0);
+        char *cp  = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
-    ssl_log(s, SSL_LOG_TRACE,
+        char *cp2 = X509_NAME_oneline(X509_get_issuer_name(xs),  NULL, 0);
-            "Certificate Verification: depth: %d, subject: %s, issuer: %s",
+        ssl_log(s, SSL_LOG_TRACE,
-            errdepth, cp != NULL ? cp : "-unknown-",
+                "Certificate Verification: depth: %d, subject: %s, issuer: %s",
-            cp2 != NULL ? cp2 : "-unknown");
+                errdepth, cp != NULL ? cp : "-unknown-",
-    if (cp)
+                cp2 != NULL ? cp2 : "-unknown");
-        free(cp);
+        if (cp)
-    if (cp2)
+            free(cp);
-        free(cp2);
+        if (cp2)
+            free(cp2);
+    }
 
     /*
      * Check for optionally acceptable non-verifiable issuer situation