follow up to r1641077:

one bug was traded for another in r1641077; track the response
length and the cached object length separately to avoid such
confusion

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1641095 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_util_stapling.c b/modules/ssl/ssl_util_stapling.c
index 2d4172882131e56841952e2d0b442c3efdbc39f5..0e83baf3ea9061b92044cea4fe4c4301d4f57c26 100644 (file)
--- a/modules/ssl/ssl_util_stapling.c
+++ b/modules/ssl/ssl_util_stapling.c
@@ -212,7 +212,7 @@ static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx,
     SSLModConfigRec *mc = myModConfig(s);
     unsigned char resp_der[MAX_STAPLING_DER]; /* includes one-byte flag + response */
     unsigned char *p;
-    int resp_derlen;
+    int resp_derlen, stored_len;
     BOOL rv;
     apr_time_t expiry;
 
@@ -224,7 +224,8 @@ static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx,
         return FALSE;
     }
 
-    if (resp_derlen + 1 > sizeof resp_der) { /* response + ok flag too big? */
+    stored_len = resp_derlen + 1; /* response + ok flag */
+    if (stored_len > sizeof resp_der) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01928)
                      "OCSP stapling response too big (%u bytes)", resp_derlen);
         return FALSE;
@@ -248,7 +249,7 @@ static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx,
 
     rv = mc->stapling_cache->store(mc->stapling_cache_context, s,
                                    cinf->idx, sizeof(cinf->idx),
-                                   expiry, resp_der, resp_derlen, pool);
+                                   expiry, resp_der, stored_len, pool);
     if (rv != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01929)
                      "stapling_cache_response: OCSP response session store error!");