You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2020/02/27 12:38:41 UTC

svn commit: r1874575 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_util_stapling.c

Author: ylavic
Date: Thu Feb 27 12:38:41 2020
New Revision: 1874575

URL: http://svn.apache.org/viewvc?rev=1874575&view=rev
Log:
Revert r1874574: wrong patch.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1874575&r1=1874574&r2=1874575&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Feb 27 12:38:41 2020
@@ -1,8 +1,6 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
-  *) mod_ssl: Fix memory leak of OCSP stapling response.  [Yann Ylavic]
-
   *) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info".
      PR64172.
 

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c?rev=1874575&r1=1874574&r2=1874575&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c Thu Feb 27 12:38:41 2020
@@ -870,25 +870,17 @@ static int stapling_cb(SSL *ssl, void *a
         }
     }
 
-    rv = SSL_TLSEXT_ERR_NOACK;
-    if (!rsp) {
-        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01957)
-                     "stapling_cb: no suitable response available");
+    if (rsp && ((ok == TRUE) || (mctx->stapling_return_errors == TRUE))) {
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01956)
+                     "stapling_cb: setting response");
+        if (!stapling_set_response(ssl, rsp))
+            return SSL_TLSEXT_ERR_ALERT_FATAL;
+        return SSL_TLSEXT_ERR_OK;
     }
-    else {
-        if (ok == TRUE || mctx->stapling_return_errors == TRUE) {
-            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01956)
-                         "stapling_cb: setting response");
-            if (!stapling_set_response(ssl, rsp)) {
-                rv = SSL_TLSEXT_ERR_ALERT_FATAL;
-            }
-            else {
-                rv = SSL_TLSEXT_ERR_OK;
-            }
-        }
-        OCSP_RESPONSE_free(rsp);
-    }
-    return rv;
+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01957)
+                 "stapling_cb: no suitable response available");
+
+    return SSL_TLSEXT_ERR_NOACK;
 
 }