From: Doug MacEachern Date: Thu, 29 Nov 2001 06:52:18 +0000 (+0000) Subject: avoid a call to X509_NAME_oneline() and ASN1_INTEGER_get() in X-Git-Tag: 2.0.30~341 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6dd4b15f65932fe7362e1a75489a63d6d7199fa4;p=apache avoid a call to X509_NAME_oneline() and ASN1_INTEGER_get() in ssl_callback_SSLVerify_CRL() unless SSLLogLevel >= info, otherwise the expense is unused. PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92238 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 1ae0857548..e96bd84cc2 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1342,11 +1342,8 @@ int ssl_callback_SSLVerify_CRL( X509 *xs; X509_CRL *crl; X509_REVOKED *revoked; - long serial; BIO *bio; int i, n, rc; - char *cp; - char *cp2; /* * Unless a revocation store for CRLs was created we @@ -1407,6 +1404,9 @@ int ssl_callback_SSLVerify_CRL( * (A little bit complicated because of ASN.1 and BIOs...) */ if (sc->nLogLevel >= SSL_LOG_TRACE) { + char *cp; + char *cp2; + bio = BIO_new(BIO_s_mem()); BIO_printf(bio, "lastUpdate: "); ASN1_UTCTIME_print(bio, X509_CRL_get_lastUpdate(crl)); @@ -1478,14 +1478,16 @@ int ssl_callback_SSLVerify_CRL( #endif if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(xs)) == 0) { - serial = ASN1_INTEGER_get(revoked->serialNumber); - cp = X509_NAME_oneline(issuer, NULL, 0); - ssl_log(s, SSL_LOG_INFO, - "Certificate with serial %ld (0x%lX) " - "revoked per CRL from issuer %s", - serial, serial, cp); - free(cp); + if (sc->nLogLevel >= SSL_LOG_INFO) { + char *cp = X509_NAME_oneline(issuer, NULL, 0); + long serial = ASN1_INTEGER_get(revoked->serialNumber); + ssl_log(s, SSL_LOG_INFO, + "Certificate with serial %ld (0x%lX) " + "revoked per CRL from issuer %s", + serial, serial, cp); + free(cp); + } X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED); X509_OBJECT_free_contents(&obj); return FALSE;