import openssl-0.9.7-stable-SNAP-20020911 (without idea)

author: markus <> 2002-09-12 20:53:05 +0000
committer: markus <> 2002-09-12 20:53:05 +0000
commit: 31392c89d1135cf2a416f97295f6d21681b3fbc4 (patch)
tree: 09ce0b27981cae5a4625fa506a24d5c79fc8a13a /src/lib/libssl/ssl_lib.c
parent: 715a204e4615e4a70a466fcb383a9a57cad5e6b8 (diff)
download: openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.tar.gz
openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.tar.bz2
openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.zip
1 files changed, 14 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index ab172aeaec..4bc4ce5b3a 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a)
                abort(); /* ok */
                }
 #endif
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+        /*
+         * Free internal session cache. However: the remove_cb() may reference
+         * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+         * after the sessions were flushed.
+         * As the ex_data handling routines might also touch the session cache,
+         * the most secure solution seems to be: empty (flush) the cache, then
+         * free ex_data, then finally free the cache.
+         * (See ticket [openssl.org #212].)
+         */
        if (a->sessions != NULL)
-                {
                SSL_CTX_flush_sessions(a,0);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+        if (a->sessions != NULL)
                lh_free(a->sessions);
-                }
        if (a->cert_store != NULL)
                X509_STORE_free(a->cert_store);
        if (a->cipher_list != NULL)
author	markus <>	2002-09-12 20:53:05 +0000
committer	markus <>	2002-09-12 20:53:05 +0000
commit	31392c89d1135cf2a416f97295f6d21681b3fbc4 (patch)
tree	09ce0b27981cae5a4625fa506a24d5c79fc8a13a /src/lib/libssl/ssl_lib.c
parent	715a204e4615e4a70a466fcb383a9a57cad5e6b8 (diff)
download	openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.tar.gz openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.tar.bz2 openbsd-31392c89d1135cf2a416f97295f6d21681b3fbc4.zip

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index ab172aeaec..4bc4ce5b3a 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a)
1405	abort(); /* ok */	1405	abort(); /* ok */
1406	}	1406	}
1407	#endif	1407	#endif
1408	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1409		1408
		1409	/*
		1410	* Free internal session cache. However: the remove_cb() may reference
		1411	* the ex_data of SSL_CTX, thus the ex_data store can only be removed
		1412	* after the sessions were flushed.
		1413	* As the ex_data handling routines might also touch the session cache,
		1414	* the most secure solution seems to be: empty (flush) the cache, then
		1415	* free ex_data, then finally free the cache.
		1416	* (See ticket [openssl.org #212].)
		1417	*/
1410	if (a->sessions != NULL)	1418	if (a->sessions != NULL)
1411	{
1412	SSL_CTX_flush_sessions(a,0);	1419	SSL_CTX_flush_sessions(a,0);
		1420
		1421	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
		1422
		1423	if (a->sessions != NULL)
1413	lh_free(a->sessions);	1424	lh_free(a->sessions);
1414	}	1425
1415	if (a->cert_store != NULL)	1426	if (a->cert_store != NULL)
1416	X509_STORE_free(a->cert_store);	1427	X509_STORE_free(a->cert_store);
1417	if (a->cipher_list != NULL)	1428	if (a->cipher_list != NULL)