r17490@catbus: nickm | 2008-01-07 11:48:02 -0500
Fix bug 582: decref the idcert when we add it to the store.


svn:r13052

Nick Mathewson 16 years ago
parent
commit
491298a067
2 changed files with 4 additions and 6 deletions
  1. ChangeLog (+2 -0)
  2. src/common/tortls.c (+2 -6)

+ 2 - 0
ChangeLog

@@ -27,6 +27,8 @@ Changes in version 0.2.0.16-alpha - 2008-01-??
     - Patch from Karsten Loesing to complain less at both the client
       and the relay when a relay used to have the HSDir flag but doesn't
       anymore, and we try to upload a hidden service descriptor.
+    - Stop leaking one cert per TLS context.  Fixes bug 582.  Bugfix
+      on 0.2.0.15-alpha.
 
   o Minor features (controller):
     - Get NS events working again.  (Patch from tup)
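
Review bot: The new entry says "one cert" without saying which one. The commit message identifies it as the idcert, so naming it here (for example "Stop leaking one identity cert per TLS context") would let a reader match the entry to the change in tor_tls_context_new() without opening bug 582.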

+ 2 - 6
src/common/tortls.c

@@ -550,18 +550,14 @@ tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname,
     goto error;
   X509_free(cert); /* We just added a reference to cert. */
   cert=NULL;
-#if 0
-  if (idcert && !SSL_CTX_add_extra_chain_cert(result->ctx,idcert))
-    goto error;
-#else
   if (idcert) {
     X509_STORE *s = SSL_CTX_get_cert_store(result->ctx);
     tor_assert(s);
     X509_STORE_add_cert(s, idcert); /*XXXX020 This cert seems not to get
                                      * freed.  Fix that! */
+    X509_free(idcert); /* The context now owns the reference to idcert */
+    idcert = NULL;
   }
-#endif
-  idcert=NULL; /* The context now owns the reference to idcert */
   SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
   tor_assert(rsa);
   if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,1)))
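
Review bot: The return value of X509_STORE_add_cert(s, idcert) is still ignored in the `if (idcert)` block, so a failed add is silent and the new comment "The context now owns the reference to idcert" is not true on that path. The deleted `#if 0` branch did `goto error` on failure; the same treatment fits here, e.g. `if (!X509_STORE_add_cert(s, idcert)) goto error;`, leaving idcert non-NULL so the error path can release it, or at least logging the failure before the X509_free(). Separately, the `XXXX020 This cert seems not to get freed. Fix that!` comment is left in place on the line directly above the X509_free() that resolves it; it should be removed in this commit so the next reader does not go looking for a leak that is already fixed.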