Correct tls_config_clear_keys() behaviour. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	jsing <>	2018-04-07 16:35:34 +0000
committer	jsing <>	2018-04-07 16:35:34 +0000
commit	111c0ba098842c9337026115c4d68b9a0f312b9d (patch)
tree	00255fc63c35caf51fe96345ab5612a005915c5f /src/lib/libssl/s3_lib.c
parent	9e6acdbfc336b22b66a0a01c53019f7f4ac612d9 (diff)
download	openbsd-111c0ba098842c9337026115c4d68b9a0f312b9d.tar.gz openbsd-111c0ba098842c9337026115c4d68b9a0f312b9d.tar.bz2 openbsd-111c0ba098842c9337026115c4d68b9a0f312b9d.zip

Correct tls_config_clear_keys() behaviour.

Previously this incorrectly called tls_keypair_clear(), which results in the private key being cleared, along with the certificate, OCSP staple and pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called following tls_configure(), as is done by httpd. Fix this by calling tls_keypair_clear_key() so that only the private key is cleared, leaving the other public data untouched. While here, remove tls_keypair_clear() and fold the necessary parts into tls_keypair_free(). ok beck@

Diffstat (limited to 'src/lib/libssl/s3_lib.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: