From fa406a4e78813492e56384a03893357a094f6793 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sat, 7 Apr 2018 16:35:34 +0000 Subject: Correct tls_config_clear_keys() behaviour. Previously this incorrectly called tls_keypair_clear(), which results in the private key being cleared, along with the certificate, OCSP staple and pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called following tls_configure(), as is done by httpd. Fix this by calling tls_keypair_clear_key() so that only the private key is cleared, leaving the other public data untouched. While here, remove tls_keypair_clear() and fold the necessary parts into tls_keypair_free(). ok beck@ --- src/lib/libtls/tls_internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/lib/libtls/tls_internal.h') diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h index 0d7e2289d3..b236204e81 100644 --- a/src/lib/libtls/tls_internal.h +++ b/src/lib/libtls/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.71 2018/03/19 16:34:47 jsing Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.72 2018/04/07 16:35:34 jsing Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas * Copyright (c) 2014 Joel Sing @@ -199,7 +199,7 @@ int tls_set_mem(char **_dest, size_t *_destlen, const void *_src, int tls_set_string(const char **_dest, const char *_src); struct tls_keypair *tls_keypair_new(void); -void tls_keypair_clear(struct tls_keypair *_keypair); +void tls_keypair_clear_key(struct tls_keypair *_keypair); void tls_keypair_free(struct tls_keypair *_keypair); int tls_keypair_set_cert_file(struct tls_keypair *_keypair, struct tls_error *_error, const char *_cert_file); -- cgit v1.2.3-55-g6feb