summaryrefslogtreecommitdiffstats
path: root/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c')
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c24
1 files changed, 16 insertions, 8 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
index dec62cc17cf..9ed29b7b65f 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_engine_init.c,v 1.18 2002/07/15 09:40:49 henning Exp $ */
+/* $OpenBSD: ssl_engine_init.c,v 1.19 2002/07/19 21:31:16 henning Exp $ */
/* _ _
** _ __ ___ ___ __| | ___ ___| | mod_ssl
@@ -934,7 +934,7 @@ void ssl_init_CheckServers(server_rec *sm, pool *p)
}
/*
- * Give out warnings when more than one SSL-aware virtual server uses the
+ * Give out warnings if more than one SSL-aware virtual server uses the
* same IP:port. This doesn't work because mod_ssl then will always use
* just the certificate/keys of one virtual host (which one cannot be said
* easily - but that doesn't matter here).
@@ -946,6 +946,8 @@ void ssl_init_CheckServers(server_rec *sm, pool *p)
sc = mySrvConfig(s);
if (!sc->bEnabled)
continue;
+ if (s->addrs == NULL)
+ continue;
key = ap_psprintf(sp, "%pA:%u", &s->addrs->host_addr, s->addrs->host_port);
ps = ssl_ds_table_get(t, key);
if (ps != NULL) {
@@ -1007,11 +1009,14 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, pool *pp, char *cpCAfile
if (cpCAfile != NULL) {
sk = SSL_load_client_CA_file(cpCAfile);
for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
+ X509_NAME *name = sk_X509_NAME_value(sk, n);
ssl_log(s, SSL_LOG_TRACE,
"CA certificate: %s",
- X509_NAME_oneline(sk_X509_NAME_value(sk, n), buf, sizeof(buf)));
- if (sk_X509_NAME_find(skCAList, sk_X509_NAME_value(sk, n)) < 0)
- sk_X509_NAME_push(skCAList, sk_X509_NAME_value(sk, n));
+ X509_NAME_oneline(name, buf, sizeof(buf)));
+ if (sk_X509_NAME_find(skCAList, name) < 0)
+ sk_X509_NAME_push(skCAList, name); /* will be freed when skCAList is */
+ else
+ X509_NAME_free(name);
}
sk_X509_NAME_free(sk);
}
@@ -1025,11 +1030,14 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, pool *pp, char *cpCAfile
cp = ap_pstrcat(p, cpCApath, "/", direntry->d_name, NULL);
sk = SSL_load_client_CA_file(cp);
for (n = 0; sk != NULL && n < sk_X509_NAME_num(sk); n++) {
+ X509_NAME *name = sk_X509_NAME_value(sk, n);
ssl_log(s, SSL_LOG_TRACE,
"CA certificate: %s",
- X509_NAME_oneline(sk_X509_NAME_value(sk, n), buf, sizeof(buf)));
- if (sk_X509_NAME_find(skCAList, sk_X509_NAME_value(sk, n)) < 0)
- sk_X509_NAME_push(skCAList, sk_X509_NAME_value(sk, n));
+ X509_NAME_oneline(name, buf, sizeof(buf)));
+ if (sk_X509_NAME_find(skCAList, name) < 0)
+ sk_X509_NAME_push(skCAList, name);
+ else
+ X509_NAME_free(name);
}
sk_X509_NAME_free(sk);
}
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.