Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 1976:c4d8867f0162
fix memory leak when ssl_verify_client is on
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Mon, 28 Apr 2008 08:50:39 +0000 |
| parents | f32cc6df6bd6 |
| children | 40c9cb8576bb |
comparison
equal
deleted
inserted
replaced
| 1975:3ca17d430c9a | 1976:c4d8867f0162 |
|---|---|
| 286 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) | 286 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) |
| 287 { | 287 { |
| 288 char *subject, *issuer; | 288 char *subject, *issuer; |
| 289 int err, depth; | 289 int err, depth; |
| 290 X509 *cert; | 290 X509 *cert; |
| 291 X509_NAME *name; | 291 X509_NAME *sname, *iname; |
| 292 ngx_connection_t *c; | 292 ngx_connection_t *c; |
| 293 ngx_ssl_conn_t *ssl_conn; | 293 ngx_ssl_conn_t *ssl_conn; |
| 294 | 294 |
| 295 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store, | 295 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store, |
| 296 SSL_get_ex_data_X509_STORE_CTX_idx()); | 296 SSL_get_ex_data_X509_STORE_CTX_idx()); |
| 299 | 299 |
| 300 cert = X509_STORE_CTX_get_current_cert(x509_store); | 300 cert = X509_STORE_CTX_get_current_cert(x509_store); |
| 301 err = X509_STORE_CTX_get_error(x509_store); | 301 err = X509_STORE_CTX_get_error(x509_store); |
| 302 depth = X509_STORE_CTX_get_error_depth(x509_store); | 302 depth = X509_STORE_CTX_get_error_depth(x509_store); |
| 303 | 303 |
| 304 name = X509_get_subject_name(cert); | 304 sname = X509_get_subject_name(cert); |
| 305 subject = name ? X509_NAME_oneline(name, NULL, 0) : "(none)"; | 305 subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)"; |
| 306 | 306 |
| 307 name = X509_get_issuer_name(cert); | 307 iname = X509_get_issuer_name(cert); |
| 308 issuer = name ? X509_NAME_oneline(name, NULL, 0) : "(none)"; | 308 issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)"; |
| 309 | 309 |
| 310 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, | 310 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 311 "verify:%d, error:%d, depth:%d, " | 311 "verify:%d, error:%d, depth:%d, " |
| 312 "subject:\"%s\",issuer: \"%s\"", | 312 "subject:\"%s\",issuer: \"%s\"", |
| 313 ok, err, depth, subject, issuer); | 313 ok, err, depth, subject, issuer); |
| 314 | |
| 315 if (sname) { | |
| 316 OPENSSL_free(subject); | |
| 317 } | |
| 318 | |
| 319 if (iname) { | |
| 320 OPENSSL_free(issuer); | |
| 321 } | |
| 314 | 322 |
| 315 return 1; | 323 return 1; |
| 316 } | 324 } |
| 317 | 325 |
| 318 | 326 |