www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-01 07:26:57 +03:00
Code Activity

need to free X509_NAME duplicates already found in the stack built by

Browse Source 
ssl_init_FindCAList().


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93626 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Doug MacEachern
2002-02-28 04:00:51 +00:00
parent c892fe3559
commit c25e79513a
1 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
modules/ssl/ssl_engine_init.c
View File

@ -870,17 +870,26 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, apr_pool_t *pp, const ch
*/ */
skCAList = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp); skCAList = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp);
/*
* note that SSL_load_client_CA_file() checks for duplicates,
* but since we call it multiple times when reading a directory
* we must also check for duplicates ourselves.
*/
/* /*
* Process CA certificate bundle file * Process CA certificate bundle file
*/ */
if (cpCAfile != NULL) { if (cpCAfile != NULL) {
sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(cpCAfile); sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(cpCAfile);
for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) { for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
X509_NAME *name = sk_X509_NAME_value(sk, n);
ssl_log(s, SSL_LOG_TRACE, ssl_log(s, SSL_LOG_TRACE,
"CA certificate: %s", "CA certificate: %s",
X509_NAME_oneline(sk_X509_NAME_value(sk, n), NULL, 0)); X509_NAME_oneline(name, NULL, 0));
if (sk_X509_NAME_find(skCAList, sk_X509_NAME_value(sk, n)) < 0) if (sk_X509_NAME_find(skCAList, name) < 0)
sk_X509_NAME_push(skCAList, sk_X509_NAME_value(sk, n)); sk_X509_NAME_push(skCAList, name); /* this will be freed when skCAList is */
else
X509_NAME_free(name);
} }
sk_X509_NAME_free(sk); sk_X509_NAME_free(sk);
} }
@ -894,11 +903,14 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, apr_pool_t *pp, const ch
cp = apr_pstrcat(p, cpCApath, "/", direntry.name, NULL); cp = apr_pstrcat(p, cpCApath, "/", direntry.name, NULL);
sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(cp); sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(cp);
for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) { for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
X509_NAME *name = sk_X509_NAME_value(sk, n);
ssl_log(s, SSL_LOG_TRACE, ssl_log(s, SSL_LOG_TRACE,
"CA certificate: %s", "CA certificate: %s",
X509_NAME_oneline(sk_X509_NAME_value(sk, n), NULL, 0)); X509_NAME_oneline(name, NULL, 0));
if (sk_X509_NAME_find(skCAList, sk_X509_NAME_value(sk, n)) < 0) if (sk_X509_NAME_find(skCAList, name) < 0)
sk_X509_NAME_push(skCAList, sk_X509_NAME_value(sk, n)); sk_X509_NAME_push(skCAList, name); /* this will be freed when skCAList is */
else
X509_NAME_free(name);
} }
sk_X509_NAME_free(sk); sk_X509_NAME_free(sk);
} }