Mercurial > hg > nginx

diff src/event/ngx_event_openssl.c @ 1976:c4d8867f0162

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix memory leak when ssl_verify_client is on
author Igor Sysoev <igor@sysoev.ru>
date Mon, 28 Apr 2008 08:50:39 +0000
parents f32cc6df6bd6
children 40c9cb8576bb
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -288,7 +288,7 @@ ngx_http_ssl_verify_callback(int ok, X50
     char              *subject, *issuer;
     int                err, depth;
     X509              *cert;
-    X509_NAME         *name;
+    X509_NAME         *sname, *iname;
     ngx_connection_t  *c;
     ngx_ssl_conn_t    *ssl_conn;
 
@@ -301,17 +301,25 @@ ngx_http_ssl_verify_callback(int ok, X50
     err = X509_STORE_CTX_get_error(x509_store);
     depth = X509_STORE_CTX_get_error_depth(x509_store);
 
-    name = X509_get_subject_name(cert);
-    subject = name ? X509_NAME_oneline(name, NULL, 0) : "(none)";
-
-    name = X509_get_issuer_name(cert);
-    issuer = name ? X509_NAME_oneline(name, NULL, 0) : "(none)";
+    sname = X509_get_subject_name(cert);
+    subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
+
+    iname = X509_get_issuer_name(cert);
+    issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
 
     ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
                    "verify:%d, error:%d, depth:%d, "
                    "subject:\"%s\",issuer: \"%s\"",
                    ok, err, depth, subject, issuer);
 
+    if (sname) {
+        OPENSSL_free(subject);
+    }
+
+    if (iname) {
+        OPENSSL_free(issuer);
+    }
+
     return 1;
 }