if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
(verify_old == SSL_VERIFY_NONE) &&
- SSL_get_peer_certificate(ssl))
+ ((cert = SSL_get_peer_certificate(ssl)) != NULL))
{
renegotiate_quick = TRUE;
+ X509_free(cert);
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
if ((cert = SSL_get_peer_certificate(ssl))) {
sslconn->client_cert = cert;
sslconn->client_dn = NULL;
+ X509_free(cert);
}
/*
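Review bot: The added `X509_free(cert)` drops the reference immediately after `cert` is stored in `sslconn->client_cert`, so that field keeps a borrowed pointer that is valid only while `ssl` still holds the same peer certificate. If the peer certificate is replaced or the SSL object is torn down while `sslconn->client_cert` is still read, that is a use-after-free; either keep the reference and release it where `sslconn` is cleaned up, or add a comment such as `/* borrowed from ssl; must not outlive it */`. The later `do_verify` hunk has the opposite problem: on its success path `cert` holds a new reference from `SSL_get_peer_certificate()` and no `X509_free(cert)` is visible. A release there belongs inside the `do_verify` path only, because `cert` is not reassigned when `do_verify` is false and, if both hunks are in the same function, may still hold the pointer already freed here. Both enclosing blocks continue outside their hunks, so the cleanup may exist in lines not shown.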
return HTTP_FORBIDDEN;
}
- if (do_verify && !SSL_get_peer_certificate(ssl)) {
+ if (do_verify &&
+ ((cert = SSL_get_peer_certificate(ssl)) == NULL)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Re-negotiation handshake failed: "
"Client certificate missing");
X509_NAME *subject, *issuer;
X509 *cert;
X509_CRL *crl;
+ EVP_PKEY *pubkey;
int i, n, rc;
/*
/*
* Verify the signature on this CRL
*/
- if (X509_CRL_verify(crl, X509_get_pubkey(cert)) <= 0) {
+ pubkey = X509_get_pubkey(cert);
+ if (X509_CRL_verify(crl, pubkey) <= 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Invalid signature on CRL");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
X509_OBJECT_free_contents(&obj);
+ if (pubkey)
+ EVP_PKEY_free(pubkey);
return FALSE;
}
+ if (pubkey)
+ EVP_PKEY_free(pubkey);
+
/*
* Check date of CRL to make sure it's not expired
*/
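Review bot: `pubkey` is passed to `X509_CRL_verify()` without a NULL check, although the added `if (pubkey)` guards show that `X509_get_pubkey(cert)` is expected to fail sometimes. Treating a missing key as a signature failure explicitly, `if (pubkey == NULL || X509_CRL_verify(crl, pubkey) <= 0) {`, makes the CRL check fail closed regardless of how the library handles a NULL key. The two `EVP_PKEY_free` calls could also be folded into one by saving the verify result in a local before the test, which removes the risk of a future early return skipping the free.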
result = ssl_var_lookup_ssl_cert_verify(p, c);
}
else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) {
- if ((xs = SSL_get_peer_certificate(ssl)) != NULL)
+ if ((xs = SSL_get_peer_certificate(ssl)) != NULL) {
result = ssl_var_lookup_ssl_cert(p, xs, var+7);
+ X509_free(xs);
+ }
}
else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) {
if ((xs = SSL_get_certificate(ssl)) != NULL)
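Review bot: The CLIENT_ branch now frees `xs` while the SERVER_ branch right below it does not, and nothing in the code says why. A short comment would stop a later maintainer from "fixing" the asymmetry into a double free: `/* SSL_get_peer_certificate() returns a new reference; SSL_get_certificate() does not */`. It is also worth confirming that the string returned by `ssl_var_lookup_ssl_cert(p, xs, var+7)` is allocated from `p` and does not point into `xs`, since `xs` is released before `result` is used; that function is outside the hunk.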
else
/* client verification failed */
result = apr_psprintf(p, "FAILED:%s", verr);
+
+ if (xs)
+ X509_free(xs);
return result;
}