ssl_callback_SSLVerify() was calling (the expensive) X509_NAME_oneline()

function and free() of the return value twice each, for logging regardless of SSLLogLevel. changed to happen only if SSLLogLevel >= trace PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92236 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2001-11-29 06:27:41 +00:00
parent 2797fd1cc5
commit a2daa5ab2b
1 changed files with 12 additions and 12 deletions
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -1235,8 +1235,6 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
    X509 *xs;
    int errnum;
    int errdepth;
-    char *cp;
-    char *cp2;
    int depth;
    int verify;

@@ -1261,8 +1259,9 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
    /*
     * Log verification information
     */
-    cp  = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
-    cp2 = X509_NAME_oneline(X509_get_issuer_name(xs),  NULL, 0);
+    if (sc->nLogLevel >= SSL_LOG_TRACE) {
+        char *cp  = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0);
+        char *cp2 = X509_NAME_oneline(X509_get_issuer_name(xs),  NULL, 0);
        ssl_log(s, SSL_LOG_TRACE,
                "Certificate Verification: depth: %d, subject: %s, issuer: %s",
                errdepth, cp != NULL ? cp : "-unknown-",
@@ -1271,6 +1270,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
            free(cp);
        if (cp2)
            free(cp2);
+    }

    /*
     * Check for optionally acceptable non-verifiable issuer situation