httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c
Date Sat, 05 Apr 2003 18:18:08 GMT
wrowe       2003/04/05 10:18:08

  Modified:    modules/ssl ssl_engine_kernel.c
  Log:
    A cosmetic change to 1.79 - a real X509 *cert is in play, don't use
    that same variable to retrieve/release the quick lookup and discard
    of the peercert.
  
  Revision  Changes    Path
  1.89      +12 -8     httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.88
  retrieving revision 1.89
  diff -u -r1.88 -r1.89
  --- ssl_engine_kernel.c	4 Apr 2003 03:57:10 -0000	1.88
  +++ ssl_engine_kernel.c	5 Apr 2003 18:18:08 -0000	1.89
  @@ -209,6 +209,7 @@
       int ok, i;
       BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
       X509 *cert;
  +    X509 *peercert;
       X509_STORE *cert_store = NULL;
       X509_STORE_CTX cert_store_ctx;
       STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
  @@ -456,10 +457,10 @@
   
                   if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
                       (verify_old == SSL_VERIFY_NONE) &&
  -                    ((cert = SSL_get_peer_certificate(ssl)) != NULL))
  +                    ((peercert = SSL_get_peer_certificate(ssl)) != NULL))
                   {
                       renegotiate_quick = TRUE;
  -                    X509_free(cert);
  +                    X509_free(peercert);
                   }
   
                   ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
  @@ -746,13 +747,16 @@
                   return HTTP_FORBIDDEN;
               }
   
  -            if (do_verify &&
  -                ((cert = SSL_get_peer_certificate(ssl)) == NULL)) {
  -                ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
  -                             "Re-negotiation handshake failed: "
  -                             "Client certificate missing");
  +            if (do_verify) {
  +                if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
  +                    ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
  +                                 "Re-negotiation handshake failed: "
  +                                 "Client certificate missing");
   
  -                return HTTP_FORBIDDEN;
  +                    return HTTP_FORBIDDEN;
  +                }
  +
  +                X509_free(peercert);
               }
           }
       }
  
  
  

Mime
View raw message