From 3a3a489a756f2852d798376f20cc0d4ab609c866 Mon Sep 17 00:00:00 2001
From: markus <>
Date: Sat, 14 Sep 2002 11:18:04 +0000
Subject: merge with openssl-0.9.7-stable-SNAP-20020911, new minor for libcrypto (_X509_REQ_print_ex) tested by miod@, pb@
---
 src/lib/libssl/ssl_lib.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
(limited to 'src/lib/libssl/ssl_lib.c')
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 4a87a146e3..4bc4ce5b3a 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a)
 abort(); /* ok */
 }
 #endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+ /*
+ * Free internal session cache. However: the remove_cb() may reference
+ * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+ * after the sessions were flushed.
+ * As the ex_data handling routines might also touch the session cache,
+ * the most secure solution seems to be: empty (flush) the cache, then
+ * free ex_data, then finally free the cache.
+ * (See ticket [openssl.org #212].)
+ */
 if (a->sessions != NULL)
- {
 SSL_CTX_flush_sessions(a,0);
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+
+ if (a->sessions != NULL)
 lh_free(a->sessions);
- }
+
 if (a->cert_store != NULL)
 X509_STORE_free(a->cert_store);
 if (a->cipher_list != NULL)
@@ -2289,10 +2300,3 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
 IMPLEMENT_STACK_OF(SSL_CIPHER)
 IMPLEMENT_STACK_OF(SSL_COMP)
-
-void OpenSSLDie(const char *file,int line,const char *assertion)
- {
- fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
- file,line,assertion);
- abort();
- }
-- 
cgit v1.2.3-55-g6feb
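Review bot: In SSL_CTX_free the second `if (a->sessions != NULL) lh_free(a->sessions);` runs after the ex_data free callbacks, and the new comment itself says those routines might touch the session cache, so the hunk orders the teardown but does not cover a callback that re-populates the cache after the flush. If lh_free() releases only the table (its body is not visible here), any such entry would skip remove_cb() and be leaked or left referring to freed ex_data; the comment should state the contract, e.g. `/* ex_data free callbacks must not add sessions: anything inserted after the flush is not passed to remove_cb() */`. The literal `0` in `SSL_CTX_flush_sessions(a,0)` also deserves a word, presumably `/* 0 = flush every session, not only expired ones */`, to be confirmed against that function. The body of SSL_CTX_free starts and ends outside the hunk.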