authorbeck <beck@openbsd.org>2002-03-29 02:08:03 +0000
committerbeck <beck@openbsd.org>2002-03-29 02:08:03 +0000
commit44cdba531db40e5069beac4c7827aecc4660aad9 (patch)
tree1f01b6793ed738e6bce4bce8e9ba92bf096dc80d /usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
parentprototype pfctl_kill_states() (diff)
fix half baked abortion of a merge to 1.3.23 and take
tree to apache-1.3.24+mod+ssl2.8.8
Diffstat (limited to 'usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c')
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c19
1 files changed, 13 insertions, 6 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
index 6ef24f6006e..866039b463c 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
@@ -438,7 +438,7 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, pool *p)
asn1->nData = i2d_DHparams(dh, NULL);
asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
ucp = asn1->cpData; i2d_DHparams(dh, &ucp); /* 2nd arg increments */
- /* no need to free dh, it's static */
+ DH_free(dh);
/* import 1024 bit DH param */
if ((dh = ssl_dh_GetTmpParam(1024)) == NULL) {
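Review bot: `DH_free(dh)` is only safe if ssl_dh_GetTmpParam() hands back a freshly allocated DH on every call, and the comment this line replaces said the opposite ("it's static"). That function is not visible in this diff, so the ownership should be confirmed and recorded at the free, e.g. `/* ssl_dh_GetTmpParam() returns a new DH owned by the caller */`. The same applies to the second `DH_free(dh)` in the 1024-bit hunk that follows. In both places the length from `i2d_DHparams(dh, NULL)` goes to ap_palloc() unchecked; a guard such as `if (asn1->nData <= 0)` before the allocation would keep an encoding failure from reaching the second i2d call. The body of ssl_init_TmpKeysHandle starts and ends outside these hunks.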
@@ -449,7 +449,7 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, pool *p)
asn1->nData = i2d_DHparams(dh, NULL);
asn1->cpData = ap_palloc(mc->pPool, asn1->nData);
ucp = asn1->cpData; i2d_DHparams(dh, &ucp); /* 2nd arg increments */
- /* no need to free dh, it's static */
+ DH_free(dh);
}
/* Allocate Keys and Params */
@@ -983,6 +983,7 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, pool *pp, char *cpCAfile
char *cp;
pool *p;
int n;
+ char buf[256];
/*
* Use a subpool so we don't bloat up the server pool which
@@ -1002,13 +1003,14 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, pool *pp, char *cpCAfile
*/
if (cpCAfile != NULL) {
sk = SSL_load_client_CA_file(cpCAfile);
- for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
+ for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
ssl_log(s, SSL_LOG_TRACE,
"CA certificate: %s",
- X509_NAME_oneline(sk_X509_NAME_value(sk, n), NULL, 0));
+ X509_NAME_oneline(sk_X509_NAME_value(sk, n), buf, sizeof(buf)));
if (sk_X509_NAME_find(skCAList, sk_X509_NAME_value(sk, n)) < 0)
sk_X509_NAME_push(skCAList, sk_X509_NAME_value(sk, n));
}
+ sk_X509_NAME_free(sk);
}
/*
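Review bot: The added `sk_X509_NAME_free(sk)` releases only the stack container, so any X509_NAME that the `sk_X509_NAME_find` test found already present in skCAList is never pushed and is still leaked. An `else X509_NAME_free(sk_X509_NAME_value(sk, n));` on that test would release the duplicates; entries that were pushed are now owned by skCAList and must not be freed here. The directory loop in the next hunk has the same gap, and there it recurs for every file read from cpCApath. Separately, the fixed 256-byte `buf` makes X509_NAME_oneline truncate longer subject names in the trace log without notice, which deserves a comment at its declaration such as `/* trace output only; long DNs are truncated */`.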
@@ -1019,13 +1021,14 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, pool *pp, char *cpCAfile
while ((direntry = readdir(dir)) != NULL) {
cp = ap_pstrcat(p, cpCApath, "/", direntry->d_name, NULL);
sk = SSL_load_client_CA_file(cp);
- for(n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
+ for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
ssl_log(s, SSL_LOG_TRACE,
"CA certificate: %s",
- X509_NAME_oneline(sk_X509_NAME_value(sk, n), NULL, 0));
+ X509_NAME_oneline(sk_X509_NAME_value(sk, n), buf, sizeof(buf)));
if (sk_X509_NAME_find(skCAList, sk_X509_NAME_value(sk, n)) < 0)
sk_X509_NAME_push(skCAList, sk_X509_NAME_value(sk, n));
}
+ sk_X509_NAME_free(sk);
}
ap_pclosedir(p, dir);
}
@@ -1074,6 +1077,10 @@ void ssl_init_ModuleKill(void *data)
*/
for (; s != NULL; s = s->next) {
sc = mySrvConfig(s);
+ if (sc->pRevocationStore != NULL) {
+ X509_STORE_free(sc->pRevocationStore);
+ sc->pRevocationStore = NULL;
+ }
if (sc->pPublicCert[SSL_AIDX_RSA] != NULL) {
X509_free(sc->pPublicCert[SSL_AIDX_RSA]);
sc->pPublicCert[SSL_AIDX_RSA] = NULL;