Before importing a certificate, free any previous one. Bug 1648
author
Jeremy Harris
<jgh146exb@wizmail.org>
Mon, 22 Jun 2015 09:32:01 +0000
(10:32 +0100)
committer
Jeremy Harris
<jgh146exb@wizmail.org>
Mon, 22 Jun 2015 09:32:01 +0000
(10:32 +0100)
Second try
src/src/deliver.c
src/src/functions.h
src/src/spool_in.c
src/src/tlscert-gnu.c
src/src/tlscert-openssl.c
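--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1170,16 +1170,8 @@ if (result == OK)
 delivery_log(LOG_MAIN, addr, logchar, NULL);
 #ifdef SUPPORT_TLS
- if (tls_out.ourcert)
- {
- tls_free_cert(tls_out.ourcert);
- tls_out.ourcert = NULL;
- }
- if (tls_out.peercert)
- {
- tls_free_cert(tls_out.peercert);
- tls_out.peercert = NULL;
- }
+ tls_free_cert(&tls_out.ourcert);
+ tls_free_cert(&tls_out.peercert);
 tls_out.cipher = NULL;
 tls_out.peerdn = NULL;
 tls_out.ocsp = OCSP_NOT_REQ;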
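--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -45,15 +45,15 @@ extern uschar * tls_cert_fprt_sha256(void *);
 extern int tls_client_start(int, host_item *, address_item *,
 transport_instance *
-#ifdef EXPERIMENTAL_DANE
+# ifdef EXPERIMENTAL_DANE
 , dns_answer *
-#endif
+# endif
 );
 extern void tls_close(BOOL, BOOL);
 extern int tls_export_cert(uschar *, size_t, void *);
 extern int tls_feof(void);
 extern int tls_ferror(void);
-extern void tls_free_cert(void *);
+extern void tls_free_cert(void **);
 extern int tls_getc(void);
 extern int tls_import_cert(const uschar *, void **);
 extern int tls_read(BOOL, uschar *, size_t);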
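Review bot: Changing the parameter of `tls_free_cert` from `void *` to `void **` is not enforced by the compiler, because C converts a `void *` argument to `void **` implicitly and without a diagnostic. Any call site this commit did not touch that still passes the certificate itself, in the style of the old `tls_free_cert(tls_out.ourcert)`, would build cleanly and then have the function treat the certificate object as a pointer slot, reading and overwriting its first word. Only the deliver.c and spool_in.c callers are visible here, so the remaining callers should be checked by hand. A comment on the prototype such as `/* arg is the ADDRESS of the cert pointer; the cert is freed and the pointer set to NULL */` would record the new contract.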
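--- a/src/src/spool_in.c
+++ b/src/src/spool_in.c
@@ -288,8 +288,10 @@ tls_in.certificate_verified = FALSE;
 tls_in.dane_verified = FALSE;
 # endif
 tls_in.cipher = NULL;
-tls_in.ourcert = NULL;
-tls_in.peercert = NULL;
+# ifndef COMPILE_UTILITY /* tls support fns not built in */
+tls_free_cert(&tls_in.ourcert);
+tls_free_cert(&tls_in.peercert);
+# endif
 tls_in.peerdn = NULL;
 tls_in.sni = NULL;
 tls_in.ocsp = OCSP_NOT_REQ;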
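Review bot: When `COMPILE_UTILITY` is defined, `tls_in.ourcert` and `tls_in.peercert` are no longer reset at all, whereas the old code always set them to NULL along with the neighbouring fields. Keeping the old assignments in an else branch, `# else` / `tls_in.ourcert = NULL;` / `tls_in.peercert = NULL;`, preserves that behaviour for the utility build. In the normal build the two `tls_free_cert()` calls free whatever the fields hold on entry, so they are safe only if each field is always either NULL or the sole owner of an imported certificate. Nothing in this hunk shows that, and the enclosing function starts and ends outside it, so a short comment stating the ownership assumption would help.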
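--- a/src/src/tlscert-gnu.c
+++ b/src/src/tlscert-gnu.c
@@ -77,10 +77,15 @@ return fail;
 }
 void
-tls_free_cert(void * cert)
+tls_free_cert(void ** cert)
 {
-gnutls_x509_crt_deinit((gnutls_x509_crt_t) cert);
-gnutls_global_deinit();
+gnutls_x509_crt_t crt = *(gnutls_x509_crt_t *)cert;
+if (crt)
+ {
+ gnutls_x509_crt_deinit(crt);
+ gnutls_global_deinit();
+ *cert = NULL;
+ }
 }
 /*****************************************************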
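Review bot: `gnutls_x509_crt_t crt = *(gnutls_x509_crt_t *)cert;` reads an object of type `void *` through an lvalue of a different pointer type, which the strict-aliasing rules do not allow. Loading the pointer first and converting the value, `gnutls_x509_crt_t crt = (gnutls_x509_crt_t) *cert;`, has the same effect without the pun. The same applies to `X509 * x = *(X509 **)cert;` in tlscert-openssl.c, which could be `X509 * x = (X509 *) *cert;`. `gnutls_global_deinit()` runs once per freed certificate, so it presumably balances a `gnutls_global_init()` in the import path, which is not shown here; a one-line comment recording that pairing would make the call easier to audit. Clearing `*cert` makes a repeated call on the same field harmless, but any copy of the pointer held elsewhere is left dangling.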
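--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -75,9 +75,14 @@ return fail;
 }
 void
-tls_free_cert(void * cert)
+tls_free_cert(void ** cert)
 {
-X509_free((X509 *)cert);
+X509 * x = *(X509 **)cert;
+if (x)
+ {
+ X509_free(x);
+ *cert = NULL;
+ }
 }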