* @param sslContext The SSL context for the client.
*/
TlsStream::TlsStream(const Socket::Ptr& socket, ConnectionRole role, const shared_ptr<SSL_CTX>& sslContext)
- : m_Eof(false), m_Socket(socket), m_Role(role), m_VerifyOK(false)
+ : m_Eof(false), m_Socket(socket), m_Role(role), m_VerifyOK(true)
{
std::ostringstream msgbuf;
char errbuf[120];
{
SSL *ssl = static_cast<SSL *>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
TlsStream *stream = static_cast<TlsStream *>(SSL_get_ex_data(ssl, m_SSLIndex));
- stream->m_VerifyOK = preverify_ok;
+ if (!preverify_ok)
+ stream->m_VerifyOK = false;
return 1;
}
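Review bot: With the initializer now `m_VerifyOK(true)` and the callback only ever clearing the flag, verification fails open whenever the callback is never invoked. OpenSSL does not call it when the peer presents no certificate, and since the callback still returns 1 unconditionally, this flag is the only record of the result. If callers treat it as proof of an authenticated peer, it should be combined after the handshake with a check that a peer certificate is present and that `SSL_get_verify_result(ssl) == X509_V_OK`. Whether callers already do this is not visible here. At minimum, add a comment at the member: `// true unless a chain check failed; does NOT imply a peer certificate was presented`. `stream` is also dereferenced without a null check after `SSL_get_ex_data`, and the callback's signature lies outside this hunk.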
X509 *cert = CreateCert(pubkey, X509_REQ_get_subject_name(req), X509_get_subject_name(cacert), privkey, false);
+ EVP_PKEY_free(pubkey);
X509_free(cacert);
BIO *certbio = BIO_new_fp(stdout, BIO_NOCLOSE);
if (!PEM_write_bio_X509(certbio, cert)) {
+ BIO_free(certbio);
+
msgbuf << "Could not write X509 certificate: " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
Log(LogCritical, "SSL", msgbuf.str());
return 1;
}
+ X509_free(cert);
+
BIO_free(certbio);
return 0;
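Review bot: The failure branch of `PEM_write_bio_X509` now frees `certbio` but still returns without releasing `cert`, because the added `X509_free(cert);` sits only on the success path. Add `X509_free(cert);` next to the new `BIO_free(certbio);` before `return 1;`. The result of `CreateCert` is also passed to `PEM_write_bio_X509` without a null check, and `BIO_new_fp` is not checked either. If either call can fail, the error path should handle that before the write. The function starts outside this hunk, so earlier returns may need the same `EVP_PKEY_free`/`X509_free` cleanup.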