Commit b97742be authored by William A. Rowe Jr's avatar William A. Rowe Jr

  A cosmetic change to 1.79 - a real X509 *cert is in play, don't use
  that same variable to retrieve/release the quick lookup and discard
  of the peercert.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99244 13f79535-47bb-0310-9956-ffa450edef68
parent 45112c34
+12 −8
@@ -209,6 +209,7 @@ int ssl_hook_Access(request_rec *r)
    int ok, i;
    BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
    X509 *cert;
    X509 *peercert;
    X509_STORE *cert_store = NULL;
    X509_STORE_CTX cert_store_ctx;
    STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
@@ -456,10 +457,10 @@ int ssl_hook_Access(request_rec *r)

                if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
                    (verify_old == SSL_VERIFY_NONE) &&
                    ((cert = SSL_get_peer_certificate(ssl)) != NULL))
                    ((peercert = SSL_get_peer_certificate(ssl)) != NULL))
                {
                    renegotiate_quick = TRUE;
                    X509_free(cert);
                    X509_free(peercert);
                }

                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
@@ -746,14 +747,17 @@ int ssl_hook_Access(request_rec *r)
                return HTTP_FORBIDDEN;
            }

            if (do_verify &&
                ((cert = SSL_get_peer_certificate(ssl)) == NULL)) {
            if (do_verify) {
                if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
                    ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                                 "Re-negotiation handshake failed: "
                                 "Client certificate missing");

                    return HTTP_FORBIDDEN;
                }

                X509_free(peercert);
            }
        }
    }
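Review bot: Both `peercert` uses are presence checks only, and nothing at the declaration or the call sites says so. A comment on the declaration such as `/* transient ref from SSL_get_peer_certificate(); presence test only, freed at once */` would keep a later edit from reading certificate data through it or from dropping the matching `X509_free(peercert)`. In the post-renegotiation block, a non-NULL peer certificate does not by itself show that the chain was accepted, so a comment there should name the verify-result test the access decision relies on. That test is presumably the branch ending in the `return HTTP_FORBIDDEN;` context lines just above, but its condition is outside this hunk. `peercert` could also be declared inside each of the two blocks rather than at function scope, which would make its short lifetime visible; ssl_hook_Access starts and ends outside these hunks.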