serf-dev mailing list archives

From Stefan Sperling <s...@stsp.name>
Subject Re: Call X509_STORE_add_cert before transferring ownership
Date Wed, 01 Feb 2017 13:00:25 GMT
On Tue, Jan 31, 2017 at 04:01:42PM -0800, Adam Langley wrote:
> SSL_CTX_add_extra_chain_cert transfers ownership of the given certificate,
> so it's best to call X509_STORE_add_cert with that certificate before
> rather than after it. (This doesn't cause a problem today because OpenSSL
> keeps a reference around and no other calls to modify the chain are made
> between. As you might guess from this message, this is not always true
> within Google!)

Committed, thank you! https://svn.apache.org/r1781241

> --- test/MockHTTPinC/MockHTTP_server.c  (revision 1781186)
> +++ test/MockHTTPinC/MockHTTP_server.c  (working copy)
> @@ -2755,8 +2755,8 @@
>                  X509 *ssl_cert = PEM_read_X509(fp, NULL, NULL, NULL);
>                  fclose(fp);
> 
> +                X509_STORE_add_cert(store, ssl_cert);
>                  SSL_CTX_add_extra_chain_cert(ssl_ctx->ctx, ssl_cert);
> -                X509_STORE_add_cert(store, ssl_cert);
>              }
>          }
> 
> 
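Review bot: the result of PEM_read_X509 on the first context line of this hunk is never checked, so a NULL ssl_cert from an unreadable or malformed PEM file is passed straight to X509_STORE_add_cert and then to SSL_CTX_add_extra_chain_cert. Suggest skipping both calls when ssl_cert is NULL. The return values of the two calls are also ignored: if SSL_CTX_add_extra_chain_cert fails, ownership has not been transferred and the caller still holds the certificate, which is not freed in the visible lines. Since the whole point of the reorder is that ssl_cert must not be used after ownership passes to the SSL_CTX, a one-line comment above the two calls stating that would keep the order from being swapped back later.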
> Cheers
> 
> AGL
