Blame SOURCES/httpd-2.4.6-r1593002.patch
|
|
cce4bc |
--- a/modules/ssl/ssl_util_stapling.c 2014/05/07 12:51:38 1593001
|
|
|
cce4bc |
+++ b/modules/ssl/ssl_util_stapling.c 2014/05/07 12:52:13 1593002
|
|
|
cce4bc |
@@ -145,14 +145,15 @@
|
|
|
cce4bc |
X509_digest(x, EVP_sha1(), cinf->idx, NULL);
|
|
|
cce4bc |
|
|
|
cce4bc |
aia = X509_get1_ocsp(x);
|
|
|
cce4bc |
- if (aia)
|
|
|
cce4bc |
+ if (aia) {
|
|
|
cce4bc |
cinf->uri = sk_OPENSSL_STRING_pop(aia);
|
|
|
cce4bc |
+ X509_email_free(aia);
|
|
|
cce4bc |
+ }
|
|
|
cce4bc |
if (!cinf->uri && !mctx->stapling_force_url) {
|
|
|
cce4bc |
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02218)
|
|
|
cce4bc |
"ssl_stapling_init_cert: no responder URL");
|
|
|
cce4bc |
+ return 0;
|
|
|
cce4bc |
}
|
|
|
cce4bc |
- if (aia)
|
|
|
cce4bc |
- X509_email_free(aia);
|
|
|
cce4bc |
return 1;
|
|
|
cce4bc |
}
|
|
|
cce4bc |
|
|
|
cce4bc |
@@ -403,6 +404,13 @@
|
|
|
cce4bc |
else
|
|
|
cce4bc |
ocspuri = cinf->uri;
|
|
|
cce4bc |
|
|
|
cce4bc |
+ if (!ocspuri) {
|
|
|
cce4bc |
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02621)
|
|
|
cce4bc |
+ "stapling_renew_response: no uri for responder");
|
|
|
cce4bc |
+ rv = FALSE;
|
|
|
cce4bc |
+ goto done;
|
|
|
cce4bc |
+ }
|
|
|
cce4bc |
+
|
|
|
cce4bc |
/* Create a temporary pool to constrain memory use */
|
|
|
cce4bc |
apr_pool_create(&vpool, conn->pool);
|
|
|
cce4bc |
|