httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From do...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c
Date Thu, 29 Nov 2001 06:52:18 GMT
dougm       01/11/28 22:52:18

  Modified:    modules/ssl ssl_engine_kernel.c
  Log:
  avoid a call to X509_NAME_oneline() and ASN1_INTEGER_get() in
  ssl_callback_SSLVerify_CRL() unless SSLLogLevel >= info, otherwise the
  expense is unused.
  
  Revision  Changes    Path
  1.35      +13 -11    httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.34
  retrieving revision 1.35
  diff -u -r1.34 -r1.35
  --- ssl_engine_kernel.c	2001/11/29 06:34:53	1.34
  +++ ssl_engine_kernel.c	2001/11/29 06:52:18	1.35
  @@ -1342,11 +1342,8 @@
       X509 *xs;
       X509_CRL *crl;
       X509_REVOKED *revoked;
  -    long serial;
       BIO *bio;
       int i, n, rc;
  -    char *cp;
  -    char *cp2;
   
       /*
        * Unless a revocation store for CRLs was created we
  @@ -1407,6 +1404,9 @@
            * (A little bit complicated because of ASN.1 and BIOs...)
            */
           if (sc->nLogLevel >= SSL_LOG_TRACE) {
  +            char *cp;
  +            char *cp2;
  +
               bio = BIO_new(BIO_s_mem());
               BIO_printf(bio, "lastUpdate: ");
               ASN1_UTCTIME_print(bio, X509_CRL_get_lastUpdate(crl));
  @@ -1477,15 +1477,17 @@
               revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
   #endif
               if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(xs)) ==
0) {
  -
  -                serial = ASN1_INTEGER_get(revoked->serialNumber);
  -                cp = X509_NAME_oneline(issuer, NULL, 0);
  -                ssl_log(s, SSL_LOG_INFO,
  -                        "Certificate with serial %ld (0x%lX) "
  -                        "revoked per CRL from issuer %s",
  -                        serial, serial, cp);
  -                free(cp);
   
  +                if (sc->nLogLevel >= SSL_LOG_INFO) {
  +                    char *cp = X509_NAME_oneline(issuer, NULL, 0);
  +                    long serial = ASN1_INTEGER_get(revoked->serialNumber);
  +
  +                    ssl_log(s, SSL_LOG_INFO,
  +                            "Certificate with serial %ld (0x%lX) "
  +                            "revoked per CRL from issuer %s",
  +                            serial, serial, cp);
  +                    free(cp);
  +                }
                   X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
                   X509_OBJECT_free_contents(&obj);
                   return FALSE;
  
  
  

Mime
View raw message