git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
OpenSSL: revert needless free of certificate list. The library handlies it internally.
[exim.git]
/
src
/
src
/
tls-openssl.c
diff --git
a/src/src/tls-openssl.c
b/src/src/tls-openssl.c
index 4dfeac06d35f12586174fe042ca2af6d5a641f0d..8e8f27686eabcdd1cb8ee33caf1b0e74bc8542df 100644
(file)
--- a/
src/src/tls-openssl.c
+++ b/
src/src/tls-openssl.c
@@
-152,7
+152,6
@@
typedef struct tls_ext_ctx_cb {
uschar *certificate;
uschar *privatekey;
BOOL is_server;
uschar *certificate;
uschar *privatekey;
BOOL is_server;
- STACK_OF(X509_NAME) * acceptable_certnames;
#ifndef DISABLE_OCSP
STACK_OF(X509) *verify_stack; /* chain for verifying the proof */
union {
#ifndef DISABLE_OCSP
STACK_OF(X509) *verify_stack; /* chain for verifying the proof */
union {
@@
-1511,7
+1510,6
@@
cbinfo = store_malloc(sizeof(tls_ext_ctx_cb));
cbinfo->certificate = certificate;
cbinfo->privatekey = privatekey;
cbinfo->is_server = host==NULL;
cbinfo->certificate = certificate;
cbinfo->privatekey = privatekey;
cbinfo->is_server = host==NULL;
-cbinfo->acceptable_certnames = NULL;
#ifndef DISABLE_OCSP
cbinfo->verify_stack = NULL;
if (!host)
#ifndef DISABLE_OCSP
cbinfo->verify_stack = NULL;
if (!host)
@@
-1861,19
+1859,11
@@
if (expcerts && *expcerts)
{
tls_ext_ctx_cb * cbinfo = host
? client_static_cbinfo : server_static_cbinfo;
{
tls_ext_ctx_cb * cbinfo = host
? client_static_cbinfo : server_static_cbinfo;
- STACK_OF(X509_NAME) * names;
-
- if ((names = cbinfo->acceptable_certnames))
- {
- sk_X509_NAME_pop_free(names, X509_NAME_free);
- cbinfo->acceptable_certnames = NULL;
- }
- names = SSL_load_client_CA_file(CS file);
+ STACK_OF(X509_NAME) * names = SSL_load_client_CA_file(CS file);
SSL_CTX_set_client_CA_list(sctx, names);
DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n",
sk_X509_NAME_num(names));
SSL_CTX_set_client_CA_list(sctx, names);
DEBUG(D_tls) debug_printf("Added %d certificate authorities.\n",
sk_X509_NAME_num(names));
- cbinfo->acceptable_certnames = names;
}
}
}
}
}
}
@@
-2488,11
+2478,9
@@
if (error == SSL_ERROR_ZERO_RETURN)
SSL_shutdown(server_ssl);
sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free);
SSL_shutdown(server_ssl);
sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free);
- sk_X509_NAME_pop_free(server_static_cbinfo->acceptable_certnames, X509_NAME_free);
SSL_free(server_ssl);
SSL_CTX_free(server_ctx);
server_static_cbinfo->verify_stack = NULL;
SSL_free(server_ssl);
SSL_CTX_free(server_ctx);
server_static_cbinfo->verify_stack = NULL;
- server_static_cbinfo->acceptable_certnames = NULL;
server_ctx = NULL;
server_ssl = NULL;
tls_in.active = -1;
server_ctx = NULL;
server_ssl = NULL;
tls_in.active = -1;
@@
-2769,10
+2757,7
@@
if (shutdown)
if (is_server)
{
sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free);
if (is_server)
{
sk_X509_pop_free(server_static_cbinfo->verify_stack, X509_free);
- sk_X509_NAME_pop_free(server_static_cbinfo->acceptable_certnames,
- X509_NAME_free);
server_static_cbinfo->verify_stack = NULL;
server_static_cbinfo->verify_stack = NULL;
- server_static_cbinfo->acceptable_certnames = NULL;
}
SSL_CTX_free(*ctxp);
}
SSL_CTX_free(*ctxp);