diff options
| author | Adriaan de Jong <dejong@fox-it.com> | 2012-02-14 11:11:25 +0100 |
|---|---|---|
| committer | David Sommerseth <davids@redhat.com> | 2012-03-30 22:50:47 +0200 |
| commit | 025f30d7c6434aaf0ab4af3744f76aaf8c0b71d6 (patch) | |
| tree | c976ac306e542d7a49e546be38b037748b736c5d /src/openvpn/ssl_verify.c | |
| parent | 00b973f8af85c3ea8fa3cef80eec55e8dc139b27 (diff) | |
| download | openvpn-025f30d7c6434aaf0ab4af3744f76aaf8c0b71d6.tar.gz openvpn-025f30d7c6434aaf0ab4af3744f76aaf8c0b71d6.tar.xz openvpn-025f30d7c6434aaf0ab4af3744f76aaf8c0b71d6.zip | |
Migrated x509_get_serial to use the garbage collector
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'src/openvpn/ssl_verify.c')
| -rw-r--r-- | src/openvpn/ssl_verify.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index c4612f9..f84a4fb 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -383,6 +383,8 @@ verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert ) { char envname[64]; + char *serial = NULL; + struct gc_arena gc = gc_new (); /* Save X509 fields in environment */ #ifdef ENABLE_X509_TRACK @@ -405,25 +407,21 @@ verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert #ifdef ENABLE_EUREPHIA /* export X509 cert SHA1 fingerprint */ { - struct gc_arena gc = gc_new (); unsigned char *sha1_hash = x509_get_sha1_hash(peer_cert); openvpn_snprintf (envname, sizeof(envname), "tls_digest_%d", cert_depth); setenv_str (es, envname, format_hex_ex(sha1_hash, SHA_DIGEST_LENGTH, 0, 1, ":", &gc)); x509_free_sha1_hash(sha1_hash); - gc_free(&gc); } #endif - /* export serial number as environmental variable, - use bignum in case serial number is large */ - { - char *serial = x509_get_serial(peer_cert); - openvpn_snprintf (envname, sizeof(envname), "tls_serial_%d", cert_depth); - setenv_str (es, envname, serial); - x509_free_serial(serial); - } + /* export serial number as environmental variable */ + serial = x509_get_serial(peer_cert, &gc); + openvpn_snprintf (envname, sizeof(envname), "tls_serial_%d", cert_depth); + setenv_str (es, envname, serial); + + gc_free(&gc); } /* @@ -543,24 +541,26 @@ verify_check_crl_dir(const char *crl_dir, openvpn_x509_cert_t *cert) { char fn[256]; int fd; - char *serial = x509_get_serial(cert); + struct gc_arena gc = gc_new(); + + char *serial = x509_get_serial(cert, &gc); if (!openvpn_snprintf(fn, sizeof(fn), "%s%c%s", crl_dir, OS_SPECIFIC_DIRSEP, serial)) { msg (D_HANDSHAKE, "VERIFY CRL: filename overflow"); - x509_free_serial(serial); + gc_free(&gc); return FAILURE; } fd = platform_open (fn, O_RDONLY, 0); if (fd >= 0) { msg (D_HANDSHAKE, "VERIFY CRL: certificate serial number %s is revoked", serial); - x509_free_serial(serial); close(fd); + gc_free(&gc); return FAILURE; } - x509_free_serial(serial); + gc_free(&gc); return SUCCESS; } |