rpms / httpd

Clone
Source Code
GIT

Blame SOURCES/httpd-2.4.6-ssl-error-free.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-2.4 c8-sig-artwork c8-stream-2.4 c8s-stream-2.4 c9 c9-beta
  1.   749353c69a5a95fe9fe9d1eb9f2ce2347e54869a
  2.   SOURCES
  3.   httpd-2.4.6-ssl-error-free.patch
Blob History Raw
0943f8 
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
0943f8 
index 19d3ec7..926e05e 100644
0943f8 
--- a/modules/ssl/mod_ssl.c
0943f8 
+++ b/modules/ssl/mod_ssl.c
0943f8 
@@ -295,9 +295,12 @@ static apr_status_t ssl_cleanup_pre_config(void *data)
0943f8 
 #endif
0943f8 
     ERR_remove_state(0);
0943f8
0943f8 
-    /* Don't call ERR_free_strings here; ERR_load_*_strings only
0943f8 
-     * actually load the error strings once per process due to static
0943f8 
+    /* Don't call ERR_free_strings in earlier versions, ERR_load_*_strings only
0943f8 
+     * actually loaded the error strings once per process due to static
0943f8 
      * variable abuse in OpenSSL. */
0943f8 
+#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)
0943f8 
+    ERR_free_strings();
0943f8 
+#endif
0943f8
0943f8 
     /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
0943f8 
      * ex_data indices may have been cached in static variables in
0943f8 
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
0943f8 
index 8425acb..508991e 100644
0943f8 
--- a/modules/ssl/ssl_engine_init.c
0943f8 
+++ b/modules/ssl/ssl_engine_init.c
0943f8 
@@ -1065,7 +1065,7 @@ static void ssl_init_server_certs(server_rec *s,
0943f8 
     const char *ecc_id;
0943f8 
     EC_GROUP *ecparams;
0943f8 
     int nid;
0943f8 
-    EC_KEY *eckey;
0943f8 
+    EC_KEY *eckey = NULL;
0943f8 
 #endif
0943f8 
     const char *vhost_id = mctx->sc->vhost_id;
0943f8 
     int i;
0943f8 
@@ -1151,10 +1151,11 @@ static void ssl_init_server_certs(server_rec *s,
0943f8 
 #if defined(SSL_CTX_set_ecdh_auto)
0943f8 
         SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
0943f8 
 #else
0943f8 
-        SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
0943f8 
-                             EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
0943f8 
+        eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
0943f8 
+        SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
0943f8 
 #endif
0943f8 
     }
0943f8 
+    EC_KEY_free(eckey);
0943f8 
 #endif
0943f8 
 }
0943f8

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation