Message ID | 1452211174-33810-1-git-send-email-u9012063@gmail.com |
---|---|
State | Accepted |
Headers | show |
On Thu, Jan 07, 2016 at 03:59:34PM -0800, William Tu wrote: > test case 1628: peer ca cert > ASN1_item_dup > do_ca_cert_bootstrap (stream-ssl.c:413) > ssl_connect (stream-ssl.c:468) > scs_connecting (stream.c:297) > stream_connect (stream.c:320) > Fix by removing the X509_dup(). > > Signed-off-by: William Tu <u9012063@gmail.com> Thanks, applied to master and branch-2.5.
diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index f82c319..0015fc3 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -408,12 +408,6 @@ do_ca_cert_bootstrap(struct stream *stream) /* SSL_CTX_add_client_CA makes a copy of cert's relevant data. */ SSL_CTX_add_client_CA(ctx, cert); - /* SSL_CTX_use_certificate() takes ownership of the certificate passed in. - * 'cert' is owned by sslv->ssl, so we need to duplicate it. */ - cert = X509_dup(cert); - if (!cert) { - out_of_memory(); - } SSL_CTX_set_cert_store(ctx, X509_STORE_new()); if (SSL_CTX_load_verify_locations(ctx, ca_cert.file_name, NULL) != 1) { VLOG_ERR("SSL_CTX_load_verify_locations: %s",
test case 1628: peer ca cert ASN1_item_dup do_ca_cert_bootstrap (stream-ssl.c:413) ssl_connect (stream-ssl.c:468) scs_connecting (stream.c:297) stream_connect (stream.c:320) Fix by removing the X509_dup(). Signed-off-by: William Tu <u9012063@gmail.com> --- lib/stream-ssl.c | 6 ------ 1 file changed, 6 deletions(-)