granicus.if.org Git - apache/commit

author	Kaspar Brand <kbrand@apache.org>
	Sat, 4 Oct 2014 10:58:49 +0000 (10:58 +0000)
committer	Kaspar Brand <kbrand@apache.org>
	Sat, 4 Oct 2014 10:58:49 +0000 (10:58 +0000)
commit	7cc90787fbd2b605a2c5ab981377cadcfa9cc1c3
tree	ad3f583c3c26ccd0ffb37ebe98d81affb353e608	tree \| snapshot
parent	1c969337329bba28db2862933b5f48e48342841e	commit \| diff

Move OCSP stapling information from a per-certificate store
(ex_data attached to an X509 *) to a per-server hash which is
allocated from the pconf pool. Fixes PR 54357, PR 56919 and
a leak with the certinfo_free cleanup function (missing
OCSP_CERTID_free).

* modules/ssl/ssl_util_stapling.c: drop certinfo_free, and add
  ssl_stapling_certid_free (used with apr_pool_cleanup_register).
  Switch to a stapling_certinfo hash which is keyed by the SHA-1
  digest of the certificate's DER encoding, rework ssl_stapling_init_cert
  to only store info once per certificate (allocated from the pconf
  to the extent possible) and extend the logging.

* modules/ssl/ssl_private.h: adjust prototype for
  ssl_stapling_init_cert, replace ssl_stapling_ex_init with
  ssl_stapling_certinfo_hash_init

* modules/ssl/ssl_engine_init.c: adjust ssl_stapling_* calls

Based on initial work by Alex Bligh <alex alex.org.uk>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1629372 13f79535-47bb-0310-9956-ffa450edef68

CHANGES		diff \| blob \| history
docs/log-message-tags/next-number		diff \| blob \| history
modules/ssl/ssl_engine_init.c		diff \| blob \| history
modules/ssl/ssl_private.h		diff \| blob \| history
modules/ssl/ssl_util_stapling.c		diff \| blob \| history