Changeset 44e8944 in mod_gnutls


Timestamp:
Jun 15, 2016, 7:27:39 PM (18 months ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
master, debian, upstream
Children:
7e7d328
Parents:
eee1432
Message:

Allocate memory for X.509 and PGP certificates only when needed

Location:
src
Files:
2 edited

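--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -188,11 +188,4 @@
     apr_pool_create(&spool, ptemp);
 
-    sc->cert_pgp = apr_pcalloc(pconf, sizeof(sc->cert_pgp[0]));
-    sc->cert_crt_pgp = apr_pcalloc(pconf, sizeof(sc->cert_crt_pgp[0]));
-    sc->certs_x509_chain =
-        apr_pcalloc(pconf, MAX_CHAIN_SIZE * sizeof(sc->certs_x509_chain[0]));
-    sc->certs_x509_crt_chain =
-        apr_pcalloc(pconf, MAX_CHAIN_SIZE * sizeof(sc->certs_x509_crt_chain[0]));
-
     /* Cleanup function for the GnuTLS structures allocated below */
     apr_pool_cleanup_register(pconf, sc, mgs_pool_free_credentials,
@@ -303,6 +296,12 @@
     }
 
-    if (sc->x509_cert_file != NULL && sc->certs_x509_crt_chain[0] == NULL)
-    {
+    if (sc->x509_cert_file != NULL && sc->certs_x509_crt_chain == NULL)
+    {
+        sc->certs_x509_chain =
+            apr_pcalloc(pconf,
+                        MAX_CHAIN_SIZE * sizeof(sc->certs_x509_chain[0]));
+        sc->certs_x509_crt_chain =
+            apr_pcalloc(pconf,
+                        MAX_CHAIN_SIZE * sizeof(sc->certs_x509_crt_chain[0]));
         unsigned int chain_num = MAX_CHAIN_SIZE;
         unsigned format = GNUTLS_X509_FMT_PEM;
@@ -469,6 +468,9 @@
     }
 
-    if (sc->pgp_cert_file)
-    {
+    if (sc->pgp_cert_file && sc->cert_pgp == NULL)
+    {
+        sc->cert_pgp = apr_pcalloc(pconf, sizeof(sc->cert_pgp[0]));
+        sc->cert_crt_pgp = apr_pcalloc(pconf, sizeof(sc->cert_crt_pgp[0]));
+
         if (load_datum_from_file(spool, sc->pgp_cert_file, &data) != 0) {
             ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
@@ -1070,8 +1072,12 @@
 #endif
     sc->certs = NULL;
+    sc->certs_x509_chain = NULL;
+    sc->certs_x509_crt_chain = NULL;
     sc->certs_x509_chain_num = 0;
     sc->p11_modules = NULL;
     sc->pin = NULL;
 
+    sc->cert_pgp = NULL;
+    sc->cert_crt_pgp = NULL;
     sc->privkey_pgp = NULL;
 #if GNUTLS_VERSION_NUMBER < 0x030312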
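Review bot: With the up-front `apr_pcalloc` calls removed, `cert_pgp`, `cert_crt_pgp`, `certs_x509_chain` and `certs_x509_crt_chain` stay NULL for any server that has no matching certificate file, yet `mgs_pool_free_credentials` is still registered unconditionally at new lines 190-191. The body of that cleanup is not shown here; if it, or any other reader of these fields, still indexes `sc->cert_pgp[0]` or `sc->cert_crt_pgp[0]` the way the old check in gnutls_hooks.c did, it would now dereference a NULL pointer, so each consumer should be confirmed to test the pointer first. I would record the new invariant where the fields are reset (new lines 1074-1081), for example `/* NULL until the matching certificate file is loaded; test the pointer before indexing */`. The enclosing functions start and end outside these hunks.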
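--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -463,5 +463,6 @@
         if (sc->enabled == GNUTLS_ENABLED_TRUE &&
             ((sc->certs_x509_chain_num > 0 && sc->privkey_x509 == NULL) ||
-             (sc->cert_crt_pgp[0] != NULL && sc->privkey_pgp == NULL))) {
+             (sc->cert_crt_pgp != NULL && sc->privkey_pgp == NULL)))
+        {
                         ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
                                                 "GnuTLS: Host '%s:%d' is missing a Private Key File!",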
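Review bot: The new condition at line 465 tests `sc->cert_crt_pgp != NULL`, which becomes true as soon as the array is allocated, whereas the old `sc->cert_crt_pgp[0] != NULL` was true only once a PGP certificate had actually been loaded. gnutls_config.c in this changeset allocates the array before `load_datum_from_file` runs, so if a failed load does not abort startup (that path is outside the shown hunks) this check would report a missing private key when the real problem is the certificate. Keeping both tests preserves the old meaning and stays NULL-safe: `(sc->cert_crt_pgp != NULL && sc->cert_crt_pgp[0] != NULL && sc->privkey_pgp == NULL)`. The `if` body continues past the end of the hunk.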