You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2020/02/27 12:38:41 UTC
svn commit: r1874575 - in /httpd/httpd/trunk: CHANGES
modules/ssl/ssl_util_stapling.c
Author: ylavic
Date: Thu Feb 27 12:38:41 2020
New Revision: 1874575
URL: http://svn.apache.org/viewvc?rev=1874575&view=rev
Log:
Revert r1874574: wrong patch.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1874575&r1=1874574&r2=1874575&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Feb 27 12:38:41 2020
@@ -1,8 +1,6 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
- *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
-
*) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info".
PR64172.
Modified: httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c?rev=1874575&r1=1874574&r2=1874575&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_stapling.c Thu Feb 27 12:38:41 2020
@@ -870,25 +870,17 @@ static int stapling_cb(SSL *ssl, void *a
}
}
- rv = SSL_TLSEXT_ERR_NOACK;
- if (!rsp) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01957)
- "stapling_cb: no suitable response available");
+ if (rsp && ((ok == TRUE) || (mctx->stapling_return_errors == TRUE))) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01956)
+ "stapling_cb: setting response");
+ if (!stapling_set_response(ssl, rsp))
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ return SSL_TLSEXT_ERR_OK;
}
- else {
- if (ok == TRUE || mctx->stapling_return_errors == TRUE) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01956)
- "stapling_cb: setting response");
- if (!stapling_set_response(ssl, rsp)) {
- rv = SSL_TLSEXT_ERR_ALERT_FATAL;
- }
- else {
- rv = SSL_TLSEXT_ERR_OK;
- }
- }
- OCSP_RESPONSE_free(rsp);
- }
- return rv;
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01957)
+ "stapling_cb: no suitable response available");
+
+ return SSL_TLSEXT_ERR_NOACK;
}