A cosmetic change to 1.79 - a real X509 *cert is in play, don't use
authorWilliam A. Rowe Jr <wrowe@apache.org>
Sat, 5 Apr 2003 18:18:08 +0000 (18:18 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Sat, 5 Apr 2003 18:18:08 +0000 (18:18 +0000)
  that same variable to retrieve/release the quick lookup and discard
  of the peercert.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99244 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_kernel.c

index 429ed18841e7b3f915c0b20027db1255e65d5108..e1520e4434ec7f472e7433cc67984ee3629b672d 100644 (file)
@@ -209,6 +209,7 @@ int ssl_hook_Access(request_rec *r)
     int ok, i;
     BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
     X509 *cert;
+    X509 *peercert;
     X509_STORE *cert_store = NULL;
     X509_STORE_CTX cert_store_ctx;
     STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
@@ -456,10 +457,10 @@ int ssl_hook_Access(request_rec *r)
 
                 if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
                     (verify_old == SSL_VERIFY_NONE) &&
-                    ((cert = SSL_get_peer_certificate(ssl)) != NULL))
+                    ((peercert = SSL_get_peer_certificate(ssl)) != NULL))
                 {
                     renegotiate_quick = TRUE;
-                    X509_free(cert);
+                    X509_free(peercert);
                 }
 
                 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
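Review bot: `peercert` is left pointing at the released certificate after `X509_free(peercert);` in this block, and the same holds after the free added in the third hunk. The first hunk declares it at function scope without an initialiser, so a later read in this long function would touch freed or indeterminate memory with no diagnostic. I would declare it as `X509 *peercert = NULL;` and follow each free with `peercert = NULL;`. ssl_hook_Access starts and ends outside these hunks, so whether any later code reads `peercert` is not visible here.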
@@ -746,13 +747,16 @@ int ssl_hook_Access(request_rec *r)
                 return HTTP_FORBIDDEN;
             }
 
-            if (do_verify &&
-                ((cert = SSL_get_peer_certificate(ssl)) == NULL)) {
-                ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
-                             "Re-negotiation handshake failed: "
-                             "Client certificate missing");
+            if (do_verify) {
+                if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
+                    ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+                                 "Re-negotiation handshake failed: "
+                                 "Client certificate missing");
 
-                return HTTP_FORBIDDEN;
+                    return HTTP_FORBIDDEN;
+                }
+
+                X509_free(peercert);
             }
         }
     }
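Review bot: The `do_verify` branch only tests that `SSL_get_peer_certificate(ssl)` is non-NULL, which shows the client presented a certificate but not that its chain verified. The test that rejects a failed verification is presumably above the hunk (the leading `return HTTP_FORBIDDEN;` context line is the tail of an earlier check), and a comment should say so, e.g. `/* presence check only; the verification result is checked separately above */`, once that is confirmed. The commit is labelled cosmetic, but the added `X509_free(peercert);` also changes reference handling: the old code stored the result in `cert` and did not release it in the visible lines, which is worth stating in the log message.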