Commit fb574408 authored by William A. Rowe Jr's avatar William A. Rowe Jr

  Reapply the fix *intended* by rev 1.79 in a safer manner.  Prior to
  all assignments and the final SSL_free(), free ssl_conn->client_cert
  to avoid leaks of this refcounted X509*.  Releasing a refcounted
  object before its last use is unsafe programming; the fix is applied to both branches.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99252 13f79535-47bb-0310-9956-ffa450edef68
parent fbf92085
+7 −1
@@ -995,6 +995,10 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
    }

    /* deallocate the SSL connection */
    if (sslconn->client_cert) {
        X509_free(sslconn->client_cert);
        sslconn->client_cert = NULL;
    }
    SSL_free(ssl);
    sslconn->ssl = NULL;
    filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
@@ -1161,9 +1165,11 @@ static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
     * Remember the peer certificate's DN
     */
    if ((cert = SSL_get_peer_certificate(filter_ctx->pssl))) {
        if (sslconn->client_cert) {
            X509_free(sslconn->client_cert);
        }
        sslconn->client_cert = cert;
        sslconn->client_dn = NULL;
        X509_free(cert);
    }

    /*
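Review bot: In the ssl_io_filter_connect hunk, the `X509_free(cert);` that follows `sslconn->client_cert = cert;` must be the deleted line of this hunk, because on the new side it would drop the very reference SSL_get_peer_certificate() handed us and that `sslconn->client_cert` now holds — the over-release the commit message says it removes; the rendered page has lost the +/- markers, so please confirm it is gone. Once it is, the ownership transfer is implicit and worth stating: add `/* sslconn takes over the reference returned by SSL_get_peer_certificate() */` above the assignment, and the same comment fits the parallel block in ssl_hook_Access in the second file. The free-then-NULL sequence for `sslconn->client_cert` now appears in four places across both files; a small static helper taking the connection record would keep the release semantics in one spot. Note that when no peer certificate is presented on this connect, a previously stored `sslconn->client_cert` is left in place — presumably intended, but worth a comment if so. The enclosing functions of both hunks start and end outside the shown lines.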
+7 −1
@@ -728,6 +728,9 @@ int ssl_hook_Access(request_rec *r)
         * Remember the peer certificate's DN
         */
        if ((cert = SSL_get_peer_certificate(ssl))) {
            if (sslconn->client_cert) {
                X509_free(sslconn->client_cert);
            }
            sslconn->client_cert = cert;
            sslconn->client_dn = NULL;
        }
@@ -1276,8 +1279,11 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
                     "Certificate Verification: Error (%d): %s",
                     errnum, X509_verify_cert_error_string(errnum));

        sslconn->client_dn = NULL;
        if (sslconn->client_cert) {
            X509_free(sslconn->client_cert);
            sslconn->client_cert = NULL;
        }
        sslconn->client_dn = NULL;
        sslconn->verify_error = X509_verify_cert_error_string(errnum);
    }