[or-cvs] r13052: Fix bug 582: decref the idcert when we add it to the store. (in tor/trunk: . src/common)
nickm at seul.org
nickm at seul.org
Mon Jan 7 16:50:31 UTC 2008
Author: nickm
Date: 2008-01-07 11:50:31 -0500 (Mon, 07 Jan 2008)
New Revision: 13052
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/src/common/tortls.c
Log:
r17490 at catbus: nickm | 2008-01-07 11:48:02 -0500
Fix bug 582: decref the idcert when we add it to the store.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r17490] on 8246c3cf-6607-4228-993b-4d95d33730f1
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2008-01-07 16:17:17 UTC (rev 13051)
+++ tor/trunk/ChangeLog 2008-01-07 16:50:31 UTC (rev 13052)
@@ -27,6 +27,8 @@
- Patch from Karsten Loesing to complain less at both the client
and the relay when a relay used to have the HSDir flag but doesn't
anymore, and we try to upload a hidden service descriptor.
+ - Stop leaking one cert per TLS context. Fixes bug 582. Bugfix
+ on 0.2.0.15-alpha.
o Minor features (controller):
- Get NS events working again. (Patch from tup)
Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c 2008-01-07 16:17:17 UTC (rev 13051)
+++ tor/trunk/src/common/tortls.c 2008-01-07 16:50:31 UTC (rev 13052)
@@ -550,18 +550,14 @@
goto error;
X509_free(cert); /* We just added a reference to cert. */
cert=NULL;
-#if 0
- if (idcert && !SSL_CTX_add_extra_chain_cert(result->ctx,idcert))
- goto error;
-#else
if (idcert) {
X509_STORE *s = SSL_CTX_get_cert_store(result->ctx);
tor_assert(s);
X509_STORE_add_cert(s, idcert); /*XXXX020 This cert seems not to get
* freed. Fix that! */
+ X509_free(idcert); /* The context now owns the reference to idcert */
+ idcert = NULL;
}
-#endif
- idcert=NULL; /* The context now owns the reference to idcert */
SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
tor_assert(rsa);
if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,1)))
More information about the tor-commits
mailing list