From: William A. Rowe Jr Date: Sat, 5 Apr 2003 18:18:08 +0000 (+0000) Subject: A cosmetic change to 1.79 - a real X509 *cert is in play, don't use X-Git-Tag: pre_ajp_proxy~1905 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0bf3ccaa6c86b56f0fc4e57d46912d60b8073c4a;p=apache A cosmetic change to 1.79 - a real X509 *cert is in play, don't use that same variable to retrieve/release the quick lookup and discard of the peercert. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99244 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 429ed18841..e1520e4434 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -209,6 +209,7 @@ int ssl_hook_Access(request_rec *r) int ok, i; BOOL renegotiate = FALSE, renegotiate_quick = FALSE; X509 *cert; + X509 *peercert; X509_STORE *cert_store = NULL; X509_STORE_CTX cert_store_ctx; STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL; @@ -456,10 +457,10 @@ int ssl_hook_Access(request_rec *r) if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) && (verify_old == SSL_VERIFY_NONE) && - ((cert = SSL_get_peer_certificate(ssl)) != NULL)) + ((peercert = SSL_get_peer_certificate(ssl)) != NULL)) { renegotiate_quick = TRUE; - X509_free(cert); + X509_free(peercert); } ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, @@ -746,13 +747,16 @@ int ssl_hook_Access(request_rec *r) return HTTP_FORBIDDEN; } - if (do_verify && - ((cert = SSL_get_peer_certificate(ssl)) == NULL)) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, - "Re-negotiation handshake failed: " - "Client certificate missing"); + if (do_verify) { + if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, + "Re-negotiation handshake failed: " + "Client certificate missing"); - return HTTP_FORBIDDEN; + return HTTP_FORBIDDEN; + } + + X509_free(peercert); } } }