BUG/MEDIUM: ssl: do not store pkinfo with SSL_set_ex_data

Bug from 96b7834e: pkinfo is stored on SSL_CTX ex_data and should
not be also stored on SSL ex_data without reservation.
Simply extract pkinfo from SSL_CTX in ssl_sock_get_pkey_algo.

No backport needed.
Emmanuel Hocdet 2018-06-18 12:44:19 +02:00 committed by Willy Tarreau
parent 28962c9941
commit 3448c490ca


@ -2064,11 +2064,6 @@ static struct {
static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
{
struct pkey_info *pkinfo;
pkinfo = SSL_CTX_get_ex_data(ctx, ssl_pkey_info_index);
if (pkinfo)
SSL_set_ex_data(ssl, ssl_pkey_info_index, pkinfo);
SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
SSL_set_SSL_CTX(ssl, ctx);
@ -5725,7 +5720,7 @@ int ssl_sock_get_pkey_algo(struct connection *conn, struct chunk *out)
if (!ssl_sock_is_ssl(conn))
return 0;
pkinfo = SSL_get_ex_data(conn->xprt_ctx, ssl_pkey_info_index);
pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(conn->xprt_ctx), ssl_pkey_info_index);
if (pkinfo) {
sig = pkinfo->sig;
bits = pkinfo->bits;
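Review bot: The new lookup in ssl_sock_get_pkey_algo has no comment recording that `ssl_pkey_info_index` is only valid on SSL_CTX objects, which is the invariant this commit restores. OpenSSL allocates ex_data indexes per object class, so an index reserved for SSL_CTX and then used with SSL_set_ex_data/SSL_get_ex_data can alias a slot that belongs to other per-connection data; where the index is reserved is not visible here, so this is inferred from the commit message. I would add above the lookup `/* pkinfo is kept in SSL_CTX ex_data only: ssl_pkey_info_index is not reserved for SSL objects */`. The result now depends on SSL_set_SSL_CTX() in ssl_sock_switchctx_set having already switched the connection to the selected context, which is worth stating in the same comment. Both function bodies continue outside the hunks shown.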