httpd-cvs mailing list archives

From kbr...@apache.org
Subject svn commit: r1588853 - in /httpd/httpd/trunk: docs/log-message-tags/next-number modules/ssl/ssl_util_stapling.c
Date Mon, 21 Apr 2014 06:54:42 GMT
Author: kbrand
Date: Mon Apr 21 06:54:41 2014
New Revision: 1588853

URL: http://svn.apache.org/r1588853
Log:
ssl_stapling_init_cert: do not return success when no responder URI is found
stapling_renew_response: abort early (before apr_uri_parse) if ocspuri is empty

Modified:
    httpd/httpd/trunk/docs/log-message-tags/next-number
    httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c

Modified: httpd/httpd/trunk/docs/log-message-tags/next-number
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/log-message-tags/next-number?rev=1588853&r1=1588852&r2=1588853&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/log-message-tags/next-number (original)
+++ httpd/httpd/trunk/docs/log-message-tags/next-number Mon Apr 21 06:54:41 2014
@@ -1 +1 @@
-2621
+2622

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c?rev=1588853&r1=1588852&r2=1588853&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c Mon Apr 21 06:54:41 2014
@@ -145,14 +145,15 @@ int ssl_stapling_init_cert(server_rec *s
     X509_digest(x, EVP_sha1(), cinf->idx, NULL);
 
     aia = X509_get1_ocsp(x);
-    if (aia)
+    if (aia) {
         cinf->uri = sk_OPENSSL_STRING_pop(aia);
+        X509_email_free(aia);
+    }
     if (!cinf->uri && !mctx->stapling_force_url) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02218)
                      "ssl_stapling_init_cert: no responder URL");
+        return 0;
     }
-    if (aia)
-        X509_email_free(aia);
     return 1;
 }
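Review bot: The reordering inside the `if (aia)` block is only safe because of an ownership detail the new code does not document: `sk_OPENSSL_STRING_pop` detaches the returned string from the stack, so the `X509_email_free(aia)` that now follows does not free `cinf->uri`. A comment such as `/* pop removes the URI from aia, so cinf->uri survives X509_email_free() and is owned by cinf */` would keep a later edit from swapping in a non-detaching accessor and leaving a dangling pointer. The new `return 0` also exits after `cinf` has already been filled in (`cinf->idx` above). The start of ssl_stapling_init_cert is outside the hunk, so whether `cinf` needs to be released or detached on that path should be checked there.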
 
@@ -403,6 +404,13 @@ static BOOL stapling_renew_response(serv
     else
         ocspuri = cinf->uri;
 
+    if (!ocspuri) {
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02621)
+                     "stapling_renew_response: no uri for responder");
+        rv = FALSE;
+        goto done;
+    }
+
     /* Create a temporary pool to constrain memory use */
     apr_pool_create(&vpool, conn->pool);
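Review bot: The new `goto done` is taken before `apr_pool_create(&vpool, conn->pool)` runs, so any cleanup under the `done` label that touches `vpool` would act on a pool that was never created. The label and the declaration of `vpool` are outside the hunk. If the label destroys the pool, the declaration should become `apr_pool_t *vpool = NULL;` and the cleanup `if (vpool) apr_pool_destroy(vpool);`. Separately, the commit log describes the check as covering an empty URI, but `!ocspuri` only catches NULL; `if (!ocspuri || !*ocspuri)` would also stop a zero-length value before it reaches apr_uri_parse.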
 


