httpd-cvs mailing list archives

From do...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_init.c
Date Thu, 28 Feb 2002 04:00:52 GMT
dougm       02/02/27 20:00:52

  Modified:    modules/ssl ssl_engine_init.c
  Log:
  need to free X509_NAME duplicates already found in the stack built by
  ssl_init_FindCAList().
  
  Revision  Changes    Path
  1.35      +18 -6     httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.34
  retrieving revision 1.35
  diff -u -r1.34 -r1.35
  --- ssl_engine_init.c	28 Feb 2002 03:48:26 -0000	1.34
  +++ ssl_engine_init.c	28 Feb 2002 04:00:51 -0000	1.35
  @@ -871,16 +871,25 @@
       skCAList = sk_X509_NAME_new(ssl_init_FindCAList_X509NameCmp);
   
       /*
  +     * note that SSL_load_client_CA_file() checks for duplicates,
  +     * but since we call it multiple times when reading a directory
  +     * we must also check for duplicates ourselves.
  +     */
  +
  +    /*
        * Process CA certificate bundle file
        */
       if (cpCAfile != NULL) {
           sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(cpCAfile);
           for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
  +            X509_NAME *name = sk_X509_NAME_value(sk, n);
               ssl_log(s, SSL_LOG_TRACE,
                       "CA certificate: %s",
  -                    X509_NAME_oneline(sk_X509_NAME_value(sk, n), NULL, 0));
  -            if (sk_X509_NAME_find(skCAList, sk_X509_NAME_value(sk, n)) < 0)
  -                sk_X509_NAME_push(skCAList, sk_X509_NAME_value(sk, n));
  +                    X509_NAME_oneline(name, NULL, 0));
  +            if (sk_X509_NAME_find(skCAList, name) < 0)
  +                sk_X509_NAME_push(skCAList, name); /* this will be freed when skCAList
is */
  +            else
  +                X509_NAME_free(name);
           }
           sk_X509_NAME_free(sk);
       }
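Review bot: `X509_NAME_oneline(name, NULL, 0)` in the ssl_log() call returns a buffer that OpenSSL allocates when the buffer argument is NULL, and nothing frees it, so this leak fix still leaks one string per CA name here and in the identical call in the directory-loop hunk below. Hold the result in a local and release it after logging, e.g. `char *dn = X509_NAME_oneline(name, NULL, 0);` before the ssl_log() call and `OPENSSL_free(dn);` after it, or pass a fixed stack buffer instead of NULL. As far as the hunk shows, the string is also built whether or not trace logging is enabled. The enclosing function starts and ends outside the hunk.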
  @@ -894,11 +903,14 @@
               cp = apr_pstrcat(p, cpCApath, "/", direntry.name, NULL);
               sk = (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(cp);
               for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
  +                X509_NAME *name = sk_X509_NAME_value(sk, n);
                   ssl_log(s, SSL_LOG_TRACE,
                           "CA certificate: %s",
  -                        X509_NAME_oneline(sk_X509_NAME_value(sk, n), NULL, 0));
  -                if (sk_X509_NAME_find(skCAList, sk_X509_NAME_value(sk, n)) < 0)
  -                    sk_X509_NAME_push(skCAList, sk_X509_NAME_value(sk, n));
  +                        X509_NAME_oneline(name, NULL, 0));
  +                if (sk_X509_NAME_find(skCAList, name) < 0)
  +                    sk_X509_NAME_push(skCAList, name); /* this will be freed when skCAList
is */
  +                else
  +                    X509_NAME_free(name);
               }
               sk_X509_NAME_free(sk);
           }
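Review bot: The ownership rule introduced here (a pushed name now belongs to skCAList, a duplicate is freed, and only the container is released with sk_X509_NAME_free) is written out twice, in this directory loop and in the bundle-file loop above, so a later fix to one copy can miss the other and bring back a leak or a double free. Moving the loop into one static helper keeps the rule in one place. The helper can also check the return of sk_X509_NAME_push(), which is 0 on allocation failure and currently leaves the name owned by nobody. The helper name and signature below are a sketch; the type of `s` is not visible in the hunk and is assumed to be server_rec *. The enclosing function continues outside the hunk.

```c
static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list,
                                server_rec *s, const char *file)
{
    STACK_OF(X509_NAME) *sk =
        (STACK_OF(X509_NAME) *)SSL_load_client_CA_file(file);
    int n;

    for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
        X509_NAME *name = sk_X509_NAME_value(sk, n);
        /* ... unchanged: trace logging of the name ... */

        /* ca_list owns every name it holds; anything not stored is freed here */
        if (sk_X509_NAME_find(ca_list, name) >= 0
            || !sk_X509_NAME_push(ca_list, name)) {
            X509_NAME_free(name);
        }
    }
    sk_X509_NAME_free(sk); /* container only; elements were moved or freed above */
}
```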
  
  
  
