|
|
41a6c3 |
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
|
|
|
41a6c3 |
index 19d3ec7..926e05e 100644
|
|
|
41a6c3 |
--- a/modules/ssl/mod_ssl.c
|
|
|
41a6c3 |
+++ b/modules/ssl/mod_ssl.c
|
|
|
41a6c3 |
@@ -295,9 +295,12 @@ static apr_status_t ssl_cleanup_pre_config(void *data)
|
|
|
41a6c3 |
#endif
|
|
|
41a6c3 |
ERR_remove_state(0);
|
|
|
41a6c3 |
|
|
|
41a6c3 |
- /* Don't call ERR_free_strings here; ERR_load_*_strings only
|
|
|
41a6c3 |
- * actually load the error strings once per process due to static
|
|
|
41a6c3 |
+ /* Don't call ERR_free_strings in earlier versions, ERR_load_*_strings only
|
|
|
41a6c3 |
+ * actually loaded the error strings once per process due to static
|
|
|
41a6c3 |
* variable abuse in OpenSSL. */
|
|
|
41a6c3 |
+#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)
|
|
|
41a6c3 |
+ ERR_free_strings();
|
|
|
41a6c3 |
+#endif
|
|
|
41a6c3 |
|
|
|
41a6c3 |
/* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
|
|
|
41a6c3 |
* ex_data indices may have been cached in static variables in
|
|
|
41a6c3 |
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
|
|
|
41a6c3 |
index 8425acb..508991e 100644
|
|
|
41a6c3 |
--- a/modules/ssl/ssl_engine_init.c
|
|
|
41a6c3 |
+++ b/modules/ssl/ssl_engine_init.c
|
|
|
41a6c3 |
@@ -1065,7 +1065,7 @@ static void ssl_init_server_certs(server_rec *s,
|
|
|
41a6c3 |
const char *ecc_id;
|
|
|
41a6c3 |
EC_GROUP *ecparams;
|
|
|
41a6c3 |
int nid;
|
|
|
41a6c3 |
- EC_KEY *eckey;
|
|
|
41a6c3 |
+ EC_KEY *eckey = NULL;
|
|
|
41a6c3 |
#endif
|
|
|
41a6c3 |
const char *vhost_id = mctx->sc->vhost_id;
|
|
|
41a6c3 |
int i;
|
|
|
41a6c3 |
@@ -1151,10 +1151,11 @@ static void ssl_init_server_certs(server_rec *s,
|
|
|
41a6c3 |
#if defined(SSL_CTX_set_ecdh_auto)
|
|
|
41a6c3 |
SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
|
|
|
41a6c3 |
#else
|
|
|
41a6c3 |
- SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
|
|
|
41a6c3 |
- EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
|
|
|
41a6c3 |
+ eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
|
|
41a6c3 |
+ SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
|
|
|
41a6c3 |
#endif
|
|
|
41a6c3 |
}
|
|
|
41a6c3 |
+ EC_KEY_free(eckey);
|
|
|
41a6c3 |
#endif
|
|
|
41a6c3 |
}
|
|
|
41a6c3 |
|