author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-02-22 23:52:17 +0000 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-02-23 09:07:16 +0000 |
commit | 4cdbbcada0318fdc8db463fbf203a4afa1914d92 (patch) | |
tree | 74e6a8f0f0dfc636d20bbd087713e53f3cdcb402 | |
parent | 8b17525025ccd7af1299c9fee2bd43595ab3de09 (diff) | |
download | exim4-4cdbbcada0318fdc8db463fbf203a4afa1914d92.tar.gz |
OpenSSL: revert needless free of certificate list. The library handles it internally.
Reported-by: Torsten Tributh
-rw-r--r-- | src/src/tls-openssl.c | 17 |
1 files changed, 1 insertions, 16 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index da7eb8a40..addda713e 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -152,7 +152,6 @@ typedef struct tls_ext_ctx_cb { uschar *certificate; uschar *privatekey; BOOL is_server; - STACK_OF(X509_NAME) * acceptable_certnames; #ifndef DISABLE_OCSP STACK_OF(X509) *verify_stack; /* chain for verifying the proof */ union { @@ -1489,7 +1488,6 @@ cbinfo = store_malloc(sizeof(tls_ext_ctx_cb)); cbinfo->certificate = certificate; cbinfo->privatekey = privatekey; cbinfo->is_server = host==NULL; -cbinfo->acceptable_certnames = NULL; #ifndef DISABLE_OCSP cbinfo->verify_stack = NULL; if (!host) @@ -1840,19 +1838,11 @@ if (expcerts && *expcerts) { tls_ext_ctx_cb * cbinfo = host ? client_static_cbinfo : server_static_cbinfo; - STACK_OF(X509_NAME) * names; - - if ((names = cbinfo->acceptable_certnames)) - { - sk_X509_NAME_pop_free(names, X509_NAME_free); - cbinfo->acceptable_certnames = NULL; - } - names = SSL_load_client_CA_file(CS file); + STACK_OF(X509_NAME) * names = SSL_load_client_CA_file(CS file); SSL_CTX_set_client_CA_list(sctx, names); DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n", sk_X509_NAME_num(names)); - cbinfo->acceptable_certnames = names; } } } @@ -2467,11 +2457,9 @@ if (error == SSL_ERROR_ZERO_RETURN) SSL_shutdown(server_ssl); sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free); - sk_X509_NAME_pop_free(server_static_cbinfo->acceptable_certnames, X509_NAME_free); SSL_free(server_ssl); SSL_CTX_free(server_ctx); server_static_cbinfo->verify_stack = NULL; - server_static_cbinfo->acceptable_certnames = NULL; server_ctx = NULL; server_ssl = NULL; tls_in.active = -1; 
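Review bot: In the hunk at -1840, the result of `SSL_load_client_CA_file(CS file)` is used without a NULL check, so a missing or unparsable file passes NULL to `SSL_CTX_set_client_CA_list()` and the debug line prints `sk_X509_NAME_num(names)` as -1. A guard such as `if (!names)` would make the failure visible; it should report the error the way the enclosing function reports its others, but that function starts and ends outside the hunk. With the bookkeeping removed, the local `cbinfo` declared at the top of this block is no longer referenced in the visible lines and can probably be dropped. The free being reverted here came from an ownership rule that is easy to miss, so a comment on the call would help keep it from returning: `/* sctx takes ownership of names; do not free it here */`.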
@@ -2748,10 +2736,7 @@ if (shutdown) if (is_server) { sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free); - sk_X509_NAME_pop_free(server_static_cbinfo->acceptable_certnames, - X509_NAME_free); server_static_cbinfo->verify_stack = NULL; - server_static_cbinfo->acceptable_certnames = NULL; } SSL_CTX_free(*ctxp); |