From a2daa5ab2bc1f22e0209c059c7ce10353c71050b Mon Sep 17 00:00:00 2001 From: Doug MacEachern Date: Thu, 29 Nov 2001 06:27:41 +0000 Subject: [PATCH] ssl_callback_SSLVerify() was calling (the expensive) X509_NAME_oneline() function and free() of the return value twice each, for logging regardless of SSLLogLevel. changed to happen only if SSLLogLevel >= trace PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92236 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/ssl_engine_kernel.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index e67a432cdb..4ffe1f0c69 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1235,8 +1235,6 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) X509 *xs; int errnum; int errdepth; - char *cp; - char *cp2; int depth; int verify; @@ -1261,16 +1259,18 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) /* * Log verification information */ - cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0); - cp2 = X509_NAME_oneline(X509_get_issuer_name(xs), NULL, 0); - ssl_log(s, SSL_LOG_TRACE, - "Certificate Verification: depth: %d, subject: %s, issuer: %s", - errdepth, cp != NULL ? cp : "-unknown-", - cp2 != NULL ? cp2 : "-unknown"); - if (cp) - free(cp); - if (cp2) - free(cp2); + if (sc->nLogLevel >= SSL_LOG_TRACE) { + char *cp = X509_NAME_oneline(X509_get_subject_name(xs), NULL, 0); + char *cp2 = X509_NAME_oneline(X509_get_issuer_name(xs), NULL, 0); + ssl_log(s, SSL_LOG_TRACE, + "Certificate Verification: depth: %d, subject: %s, issuer: %s", + errdepth, cp != NULL ? cp : "-unknown-", + cp2 != NULL ? cp2 : "-unknown"); + if (cp) + free(cp); + if (cp2) + free(cp2); + } /* * Check for optionally acceptable non-verifiable issuer situation -- 2.40.0