httpd-cvs mailing list archives

From wr...@apache.org
Subject cvs commit: httpd-2.0/modules/ssl ssl_engine_kernel.c
Date Sat, 05 Apr 2003 18:36:56 GMT
wrowe       2003/04/05 10:36:56

  Modified:    modules/ssl ssl_engine_kernel.c
  Log:
    EVP_PKEY_free() is refcounted on OpenSSL, but NOT under RSA SSL-C.
    Eliminate a number of test failures by conditionally reverting rev 1.79
    pubkey handling in ssl_engine_kernel.c, except under OpenSSL.
  
    Also revert a rev 1.79 bogosity for all toolkits; it's entirely bogus
    to release a refcount after setting aside the results in a persistent
    structure, in this case sslconn->client_cert from SSL_get_peer_certificate()
    mustn't be freed while sslconn is still in play.  The proper patch (not
    written yet) is to invoke the X509_free(sslconn->client_cert) when we
    cleanup the sslconn structure.
  
  Revision  Changes    Path
  1.90      +7 -8      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.89
  retrieving revision 1.90
  diff -u -r1.89 -r1.90
  --- ssl_engine_kernel.c	5 Apr 2003 18:18:08 -0000	1.89
  +++ ssl_engine_kernel.c	5 Apr 2003 18:36:56 -0000	1.90
  @@ -730,7 +730,6 @@
           if ((cert = SSL_get_peer_certificate(ssl))) {
               sslconn->client_cert = cert;
               sslconn->client_dn = NULL;
  -            X509_free(cert);
           }
   
           /*
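
Review bot: with X509_free(cert) gone after `sslconn->client_cert = cert;`, nothing in this change releases the reference that SSL_get_peer_certificate() returned, so every connection that presents a client certificate leaks one X509 reference until the cleanup-time X509_free(sslconn->client_cert) described in the log is written. Keeping the pointer valid is the right call, but I would pair the removal with the release in the sslconn teardown in the same commit, or at minimum leave a comment at the assignment saying that sslconn now owns the reference and where it is meant to be freed. If this block can run more than once for the same sslconn, the previous client_cert also needs to be released before it is overwritten.
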
  @@ -1409,20 +1408,20 @@
            * Verify the signature on this CRL
            */
           pubkey = X509_get_pubkey(cert);
  -        if (X509_CRL_verify(crl, pubkey) <= 0) {
  +        rc = X509_CRL_verify(crl, pubkey);
  +#ifdef OPENSSL_VERSION_NUMBER
  +        /* Only refcounted in OpenSSL */
  +        if (pubkey)
  +            EVP_PKEY_free(pubkey);
  +#endif
  +        if (rc <= 0) {
               ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
                            "Invalid signature on CRL");
   
               X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
               X509_OBJECT_free_contents(&obj);
  -            if (pubkey)
  -                EVP_PKEY_free(pubkey);
  -
               return FALSE;
           }
  -
  -        if (pubkey)
  -            EVP_PKEY_free(pubkey);
   
           /*
            * Check date of CRL to make sure it's not expired
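
Review bot: missing NULL check before the verify call: `rc = X509_CRL_verify(crl, pubkey);` runs before the `if (pubkey)` test, and that test shows X509_get_pubkey(cert) is expected to be able to return NULL, so a NULL key is handed to the toolkit and the code relies on it to fail cleanly. I would test pubkey first and take the "Invalid signature on CRL" path directly when it is NULL. Separately, the `#ifdef OPENSSL_VERSION_NUMBER` comment says only that the key is refcounted in OpenSSL; it should also say who owns pubkey under SSL-C, since on that build the key is now never freed in either the failure or the success path. The declaration of rc is outside the visible lines, so please confirm it already exists in this function with a signed type.
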
  
  
  
