EVP_PKEY_free() is refcounted on OpenSSL, but NOT under RSA SSL-C.
authorWilliam A. Rowe Jr <wrowe@apache.org>
Sat, 5 Apr 2003 18:36:56 +0000 (18:36 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Sat, 5 Apr 2003 18:36:56 +0000 (18:36 +0000)
  Eliminate a number of test failures by conditionally reverting rev 1.79
  pubkey handling in ssl_engine_kernel.c, except under OpenSSL.

  Also revert a rev 1.79 bogosity for all toolkits; it's entirely bogus
  to release a refcount after setting aside the results in a persistent
  structure; in this case sslconn->client_cert from SSL_get_peer_certificate()
  mustn't be freed while sslconn is still in play.  The proper patch (not
  written yet) is to invoke the X509_free(sslconn->client_cert) when we
  clean up the sslconn structure.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99250 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_kernel.c

index e1520e4434ec7f472e7433cc67984ee3629b672d..dfcd5e5f595c1c5616050f2764d58a34c4891ce1 100644 (file)
@@ -730,7 +730,6 @@ int ssl_hook_Access(request_rec *r)
         if ((cert = SSL_get_peer_certificate(ssl))) {
             sslconn->client_cert = cert;
             sslconn->client_dn = NULL;
-            X509_free(cert);
         }
 
         /*
@@ -1409,21 +1408,21 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
          * Verify the signature on this CRL
          */
         pubkey = X509_get_pubkey(cert);
-        if (X509_CRL_verify(crl, pubkey) <= 0) {
+        rc = X509_CRL_verify(crl, pubkey);
+#ifdef OPENSSL_VERSION_NUMBER
+        /* Only refcounted in OpenSSL */
+        if (pubkey)
+            EVP_PKEY_free(pubkey);
+#endif
+        if (rc <= 0) {
             ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
                          "Invalid signature on CRL");
 
             X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
             X509_OBJECT_free_contents(&obj);
-            if (pubkey)
-                EVP_PKEY_free(pubkey);
-
             return FALSE;
         }
 
-        if (pubkey)
-            EVP_PKEY_free(pubkey);
-
         /*
          * Check date of CRL to make sure it's not expired
          */