author | Adriaan de Jong <dejong@fox-it.com> | 2012-02-14 11:11:24 +0100 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2012-03-30 11:33:03 +0200 |
commit | 00b973f8af85c3ea8fa3cef80eec55e8dc139b27 (patch) | |
tree | 42ad20eb89be0436bee7a397f2269272a4799414 /src/openvpn/ssl_verify.c | |
parent | 31444111839f0720d6173a71f66fa3a988bcf9fb (diff) | |
Migrated x509_get_subject to use of the garbage collector
This also cleans up a messy call in pkcs11.c to _openssl_get_subject, as discussed at FOSDEM.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'src/openvpn/ssl_verify.c')
-rw-r--r-- | src/openvpn/ssl_verify.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index e837e39..c4612f9 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -571,6 +571,7 @@ verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_dep
 char *subject = NULL;
 char common_name[TLS_USERNAME_LEN] = {0};
 const struct tls_options *opt;
+ struct gc_arena gc = gc_new();
 opt = session->opt;
 ASSERT (opt);
@@ -578,7 +579,7 @@ verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_dep
 session->verified = false;
 /* get the X509 name */
- subject = x509_get_subject(cert);
+ subject = x509_get_subject(cert, &gc);
 if (!subject)
 {
 msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 "
@@ -676,13 +677,13 @@ verify_cert(struct tls_session *session, openvpn_x509_cert_t *cert, int cert_dep
 msg (D_HANDSHAKE, "VERIFY OK: depth=%d, %s", cert_depth, subject);
 session->verified = true;
- x509_free_subject (subject);
+ gc_free(&gc);
 return SUCCESS;
 err:
 tls_clear_error();
 session->verified = false;
- x509_free_subject (subject);
+ gc_free(&gc);
 return FAILURE;
 } |
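Review bot: In the second hunk, `subject` now points into the function-local arena `gc`, but the comment above the call still reads only `/* get the X509 name */`, so the new lifetime is not recorded anywhere a reader of verify_cert would see it. I would change the comment to `/* get the X509 name; storage belongs to gc and is released by gc_free() on exit */`. The body of verify_cert between this hunk and the exit paths is outside the diff, so whether anything there keeps the pointer beyond the call cannot be checked from here; if something does, it has to copy the string rather than store `subject`.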
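Review bot: In the third hunk, the success path and the `err:` path each call `gc_free(&gc)` by hand, so any branch that leaves verify_cert with a plain `return` rather than `goto err` would skip the release. About a hundred lines of the function between the second and third hunks are not shown, so this cannot be ruled out from the diff. Since the function is evaluated for certificates presented by a peer, a missed path would leak one arena per verification attempt. A comment above the label such as `/* every exit must pass through gc_free(&gc); subject is invalid afterwards */` would document the rule, and the unseen branches are worth checking against it.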