From: Doug MacEachern Date: Thu, 29 Nov 2001 06:27:41 +0000 (+0000) Subject: ssl_callback_SSLVerify() was calling (the expensive) X509_NAME_oneline() X-Git-Tag: 2.0.30~343 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a2daa5ab2bc1f22e0209c059c7ce10353c71050b;p=apache ssl_callback_SSLVerify() was calling (the expensive) X509_NAME_oneline() function and free() of the return value twice each, for logging regardless of SSLLogLevel. changed to happen only if SSLLogLevel >= trace PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92236 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index e67a432cdb..4ffe1f0c69 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1235,8 +1235,6 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) X509 *xs; int errnum; int errdepth; - char *cp; - char *cp2; int depth; int verify; @@ -1261,16 +1259,18 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) /* * Log verification information */ - cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0); - cp2 = X509_NAME_oneline(X509_get_issuer_name(xs), NULL, 0); - ssl_log(s, SSL_LOG_TRACE, - "Certificate Verification: depth: %d, subject: %s, issuer: %s", - errdepth, cp != NULL ? cp : "-unknown-", - cp2 != NULL ? cp2 : "-unknown"); - if (cp) - free(cp); - if (cp2) - free(cp2); + if (sc->nLogLevel >= SSL_LOG_TRACE) { + char *cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0); + char *cp2 = X509_NAME_oneline(X509_get_issuer_name(xs), NULL, 0); + ssl_log(s, SSL_LOG_TRACE, + "Certificate Verification: depth: %d, subject: %s, issuer: %s", + errdepth, cp != NULL ? cp : "-unknown-", + cp2 != NULL ? cp2 : "-unknown"); + if (cp) + free(cp); + if (cp2) + free(cp2); + } /* * Check for optionally acceptable non-verifiable issuer situation