RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BUG/MEDIUM: ssl: does not try to free a DH in a ckch 

ssl_sock_load_dh_params() should not free the DH * of a ckch, or the
ckch won't be usable during the next call.
This commit is contained in:
William Lallemand 2019-07-31 18:31:34 +02:00 committed by Willy Tarreau
parent c4ecddf418
commit a8c73748f8
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/ssl_sock.c
View File

@ -2858,10 +2858,8 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
int ret = -1;
DH *dh = NULL;
if (ckch)
if (ckch && ckch->dh) {
dh = ckch->dh;
if (dh) {
ret = 1;
SSL_CTX_set_tmp_dh(ctx, dh);
@ -2897,9 +2895,6 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
}
end:
if (dh)
DH_free(dh);
return ret;
}
#endif