author | Phil Pennock <pdp@exim.org> | 2012-12-09 19:23:06 -0500 |
---|---|---|
committer | Phil Pennock <pdp@exim.org> | 2012-12-09 19:30:02 -0500 |
commit | 14c7b357062edf88e350fb95c06847b2c2a2b934 (patch) | |
tree | 454ffb7a06d52b9687db95b81b7a0e66d028910c | |
parent | 9d6bb16d6af8c4d2c5e2f58d2a6983c03600c35a (diff) | |
download | exim4-14c7b357062edf88e350fb95c06847b2c2a2b934.tar.gz |

OCSP/SNI: set correct callback.

Caught by Jeremy; was wrong in (my) original commit, the dual-TLS work
had just renamed the variables and theoretically made it more visible.
I still missed it.

The server_sni context initialisation was setting the OCSP status
callback context parameter back on the original server_ctx instead of
the new server_sni context.

I guess OCSP and SNI aren't being used together in Exim much yet.

-rw-r--r-- | doc/doc-txt/ChangeLog | 5 | ||||
-rw-r--r-- | src/src/tls-openssl.c | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 9ed827f49..bf8141351 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -143,6 +143,11 @@ GF/01 DCC debug and logging tidyup TF/03 Avoid unnecessary rebuilds of lookup-related code. +PP/14 Fix OCSP reinitialisation in SNI handling for Exim/TLS as server. + Bug spotted by Jeremy Harris; was flawed since initial commit. + Would have resulted in OCSP responses post-SNI triggering an Exim + NULL dereference and crash. + Exim version 4.80.1 ------------------- diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c index 08b92bae5..440993585 100644 --- a/src/src/tls-openssl.c +++ b/src/src/tls-openssl.c @@ -689,7 +689,7 @@ if (cbinfo->server_cipher_list) if (cbinfo->ocsp_file) { SSL_CTX_set_tlsext_status_cb(server_sni, tls_stapling_cb); - SSL_CTX_set_tlsext_status_arg(server_ctx, cbinfo); + SSL_CTX_set_tlsext_status_arg(server_sni, cbinfo); } #endif |
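Review bot: in the src/src/tls-openssl.c hunk, the status callback and its argument are still set by two adjacent calls that each name the context separately, which is exactly how `server_ctx` slipped in next to `server_sni`; a small helper that takes the SSL_CTX once and sets both `tls_stapling_cb` and `cbinfo` on it would rule out a repeat of the mismatch. Since the ChangeLog entry says the missing argument ended in a NULL dereference, it would also be worth having `tls_stapling_cb` check its argument for NULL and decline to staple rather than dereference it, so that a context without the argument fails closed instead of crashing the server. The commit message notes that OCSP and SNI are rarely used together, so a test that enables `ocsp_file` and completes a handshake that switches to the `server_sni` context would cover the path this change fixes.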