From 2b6e09b39ef1d803b50ee024a06d1c250fde442d Mon Sep 17 00:00:00 2001 From: djm <> Date: Mon, 6 Apr 2009 06:30:10 +0000 Subject: import of OpenSSL 0.9.8k --- src/lib/libssl/s3_clnt.c | 2 +- src/lib/libssl/ssl_ciph.c | 2 +- src/lib/libssl/ssl_lib.c | 2 ++ src/lib/libssl/test/times | 2 +- 4 files changed, 5 insertions(+), 3 deletions(-) (limited to 'src/lib/libssl') diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 5fd3520caf..50308487aa 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c @@ -173,7 +173,7 @@ int ssl3_connect(SSL *s) long num1; void (*cb)(const SSL *ssl,int type,int val)=NULL; int ret= -1; - int new_state,state,skip=0;; + int new_state,state,skip=0; RAND_add(&Time,sizeof(Time),0); ERR_clear_error(); diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 0c2aa249b4..52f91cfe60 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c @@ -1355,7 +1355,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) comp->method=cm; load_builtin_compressions(); if (ssl_comp_methods - && !sk_SSL_COMP_find(ssl_comp_methods,comp)) + && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0) { OPENSSL_free(comp); MemCheck_on(); diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 68eee77e6f..893abff1f4 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c @@ -510,6 +510,8 @@ void SSL_free(SSL *s) if (s->ctx) SSL_CTX_free(s->ctx); #ifndef OPENSSL_NO_TLSEXT + if (s->tlsext_hostname) + OPENSSL_free(s->tlsext_hostname); if (s->initial_ctx) SSL_CTX_free(s->initial_ctx); if (s->tlsext_ocsp_exts) sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times index 49aeebf216..738d569b8f 100644 --- a/src/lib/libssl/test/times +++ b/src/lib/libssl/test/times @@ -68,7 +68,7 @@ eric (adding numbers to speculation) --- Appendix --- - The time measured is user time but these number a very rough. - Remember this is the cost of both client and server sides of the protocol. -- The TCP/kernal overhead of connection establishment is normally the +- The TCP/kernel overhead of connection establishment is normally the killer in SSL. Often delays in the TCP protocol will make session-id reuse look slower that new sessions, but this would not be the case on a loaded server. -- cgit v1.2.3-55-g6feb