Reapply the fix *intended* by rev 1.79 in a safer manner. Prior to
authorWilliam A. Rowe Jr <wrowe@apache.org>
Sat, 5 Apr 2003 19:04:44 +0000 (19:04 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Sat, 5 Apr 2003 19:04:44 +0000 (19:04 +0000)
  all assignments and the final SSL_free(), free ssl_conn->client_cert
  to avoid leaks of this refcounted X509*.  Prereleasing refcounted
  objects is unsafe programming; fix applied to both branches.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99252 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_io.c
modules/ssl/ssl_engine_kernel.c

index 1b44d1f3466894e5ed2e81b2a813a7fce2fc7cca..2bf7221d5b88ee567a31ccc3d5bf8ebf1cadd5dc 100644 (file)
@@ -995,6 +995,10 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
     }
 
     /* deallocate the SSL connection */
+    if (sslconn->client_cert) {
+        X509_free(sslconn->client_cert);
+        sslconn->client_cert = NULL;
+    }
     SSL_free(ssl);
     sslconn->ssl = NULL;
     filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
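Review bot: The shutdown path now releases sslconn->client_cert but leaves sslconn->client_dn untouched, whereas every other hunk in this commit resets client_dn whenever client_cert changes; if client_dn is derived from the certificate being freed (how it is allocated is not visible here), add `sslconn->client_dn = NULL;` after the X509_free block so nothing later reads a DN for a certificate that no longer exists. The `if (sslconn->client_cert)` guard is worth keeping even though X509_free() tolerates NULL, because clearing the pointer afterwards also makes a repeated shutdown of the same connection harmless rather than a double free. ssl_filter_io_shutdown() starts and ends outside this hunk.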
@@ -1161,9 +1165,11 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
      * Remember the peer certificate's DN
      */
     if ((cert = SSL_get_peer_certificate(filter_ctx->pssl))) {
+        if (sslconn->client_cert) {
+            X509_free(sslconn->client_cert);
+        }
         sslconn->client_cert = cert;
         sslconn->client_dn = NULL;
-        X509_free(cert);
     }
 
     /*
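Review bot: The ownership rule this commit re-establishes — SSL_get_peer_certificate() hands back a new reference that sslconn keeps until shutdown — is not recorded anywhere in the code, which is how rev 1.79 came to release it early in the first place; a comment at the assignment would stop that from recurring. Something like `/* SSL_get_peer_certificate() returns a new reference; sslconn owns it until ssl_filter_io_shutdown() frees it. Do not X509_free() it here. */` above `sslconn->client_cert = cert;`. Note also that the free-before-overwrite only runs when a certificate is present, so if sslconn can already hold one from an earlier handshake and the peer now sends none, the old pointer and DN survive; whether that can happen at this point in the connect filter I cannot tell from the hunk. ssl_io_filter_connect() continues outside the hunk.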
index dfcd5e5f595c1c5616050f2764d58a34c4891ce1..831c3a2aaa597fd012e4cfc4ad4517d41d1ce4fb 100644 (file)
@@ -728,6 +728,9 @@ int ssl_hook_Access(request_rec *r)
          * Remember the peer certificate's DN
          */
         if ((cert = SSL_get_peer_certificate(ssl))) {
+            if (sslconn->client_cert) {
+                X509_free(sslconn->client_cert);
+            }
             sslconn->client_cert = cert;
             sslconn->client_dn = NULL;
         }
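Review bot: The stale-certificate case is not covered: when SSL_get_peer_certificate() returns NULL here (a renegotiated handshake in which the client presents no certificate), sslconn->client_cert and sslconn->client_dn keep their values from the previous handshake, so any access decision taken later from sslconn could be based on a certificate that is no longer part of the session. Unless code after the hunk already clears both fields in that case, add an else branch that releases and resets them so the struct always reflects the current handshake. ssl_hook_Access() starts and ends outside this hunk.
```c
        if ((cert = SSL_get_peer_certificate(ssl))) {
            /* … unchanged: release old reference, store cert, reset DN … */
        }
        else if (sslconn->client_cert) {
            /* Peer presented no certificate this time: drop the stale one. */
            X509_free(sslconn->client_cert);
            sslconn->client_cert = NULL;
            sslconn->client_dn = NULL;
        }
```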
@@ -1276,8 +1279,11 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
                      "Certificate Verification: Error (%d): %s",
                      errnum, X509_verify_cert_error_string(errnum));
 
+        if (sslconn->client_cert) {
+            X509_free(sslconn->client_cert);
+            sslconn->client_cert = NULL;
+        }
         sslconn->client_dn = NULL;
-        sslconn->client_cert = NULL;
         sslconn->verify_error = X509_verify_cert_error_string(errnum);
     }