Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 1976:c4d8867f0162
fix memory leak when ssl_verify_client is on
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 28 Apr 2008 08:50:39 +0000 |
parents | f32cc6df6bd6 |
children | 40c9cb8576bb |
comparison
equal
deleted
inserted
replaced
1975:3ca17d430c9a | 1976:c4d8867f0162 |
---|---|
286 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) | 286 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) |
287 { | 287 { |
288 char *subject, *issuer; | 288 char *subject, *issuer; |
289 int err, depth; | 289 int err, depth; |
290 X509 *cert; | 290 X509 *cert; |
291 X509_NAME *name; | 291 X509_NAME *sname, *iname; |
292 ngx_connection_t *c; | 292 ngx_connection_t *c; |
293 ngx_ssl_conn_t *ssl_conn; | 293 ngx_ssl_conn_t *ssl_conn; |
294 | 294 |
295 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store, | 295 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store, |
296 SSL_get_ex_data_X509_STORE_CTX_idx()); | 296 SSL_get_ex_data_X509_STORE_CTX_idx()); |
299 | 299 |
300 cert = X509_STORE_CTX_get_current_cert(x509_store); | 300 cert = X509_STORE_CTX_get_current_cert(x509_store); |
301 err = X509_STORE_CTX_get_error(x509_store); | 301 err = X509_STORE_CTX_get_error(x509_store); |
302 depth = X509_STORE_CTX_get_error_depth(x509_store); | 302 depth = X509_STORE_CTX_get_error_depth(x509_store); |
303 | 303 |
304 name = X509_get_subject_name(cert); | 304 sname = X509_get_subject_name(cert); |
305 subject = name ? X509_NAME_oneline(name, NULL, 0) : "(none)"; | 305 subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)"; |
306 | 306 |
307 name = X509_get_issuer_name(cert); | 307 iname = X509_get_issuer_name(cert); |
308 issuer = name ? X509_NAME_oneline(name, NULL, 0) : "(none)"; | 308 issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)"; |
309 | 309 |
310 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, | 310 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, |
311 "verify:%d, error:%d, depth:%d, " | 311 "verify:%d, error:%d, depth:%d, " |
312 "subject:\"%s\",issuer: \"%s\"", | 312 "subject:\"%s\",issuer: \"%s\"", |
313 ok, err, depth, subject, issuer); | 313 ok, err, depth, subject, issuer); |
314 | |
315 if (sname) { | |
316 OPENSSL_free(subject); | |
317 } | |
318 | |
319 if (iname) { | |
320 OPENSSL_free(issuer); | |
321 } | |
314 | 322 |
315 return 1; | 323 return 1; |
316 } | 324 } |
317 | 325 |
318 | 326 |