author | Adriaan de Jong <dejong@fox-it.com> | 2012-02-14 11:11:26 +0100 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2012-03-30 22:56:47 +0200 |
commit | 8e5613c2a8545a67cab2734569a8f088100d731b (patch) | |
tree | 42a77658488bad5ef3b2494d532d269ebfdb2bfb /src/openvpn/ssl_verify_openssl.c | |
parent | 025f30d7c6434aaf0ab4af3744f76aaf8c0b71d6 (diff) | |
Migrated x509_get_sha1_hash to use the garbage collector
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: David Sommerseth <davids@redhat.com>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'src/openvpn/ssl_verify_openssl.c')
-rw-r--r-- | src/openvpn/ssl_verify_openssl.c | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index a962426..4dfabfc 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -49,7 +49,6 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
 struct tls_session *session;
 SSL *ssl;
 struct gc_arena gc = gc_new();
- unsigned char *sha1_hash = NULL;
 /* get the tls_session pointer */
 ssl = X509_STORE_CTX_get_ex_data (ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -57,9 +56,8 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
 session = (struct tls_session *) SSL_get_ex_data (ssl, mydata_index);
 ASSERT (session);
- sha1_hash = x509_get_sha1_hash(ctx->current_cert);
- cert_hash_remember (session, ctx->error_depth, sha1_hash);
- x509_free_sha1_hash(sha1_hash);
+ cert_hash_remember (session, ctx->error_depth,
+ x509_get_sha1_hash(ctx->current_cert, &gc));
 /* did peer present cert which was signed by our root cert? */
 if (!preverify_ok)
@@ -238,20 +236,13 @@ x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
 }
 unsigned char *
-x509_get_sha1_hash (X509 *cert)
+x509_get_sha1_hash (X509 *cert, struct gc_arena *gc)
 {
- char *hash = malloc(SHA_DIGEST_LENGTH);
+ char *hash = gc_malloc(SHA_DIGEST_LENGTH, false, gc);
 memcpy(hash, cert->sha1_hash, SHA_DIGEST_LENGTH);
 return hash;
 }
-void
-x509_free_sha1_hash (unsigned char *hash)
-{
- if (hash)
- free(hash);
-}
-
 char *
 x509_get_subject (X509 *cert, struct gc_arena *gc)
 { |
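Review bot: The digest handed to `cert_hash_remember` in the second hunk is now owned by `gc`, so it stays valid only until verify_callback releases that arena; the call is safe only if `cert_hash_remember` copies the bytes rather than keeping the pointer. The removed code freed the buffer straight after the call, which suggests it does copy, but its body is not part of this diff. A comment at the call would record that dependency, for example `/* digest lives in gc; cert_hash_remember must copy it */`. verify_callback continues past the end of the hunk, so the matching gc_free on each exit path could not be checked here.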
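Review bot: `x509_get_sha1_hash` in the third hunk copies the cached `cert->sha1_hash` field instead of computing the digest, so the result is only meaningful if OpenSSL has already filled that cache for this certificate; as far as I know that happens as a side effect of extension processing, and nothing in the function checks it. Because the value is stored by `cert_hash_remember` in the verify callback, a stale or zeroed digest would weaken whatever comparison it later feeds; computing it with `X509_digest(cert, EVP_sha1(), hash, NULL)` and checking the return value avoids depending on the struct internals. Separately, the local is `char *` while the function returns `unsigned char *`; `unsigned char *hash = gc_malloc(SHA_DIGEST_LENGTH, false, gc);` keeps the types consistent. A short header comment should also state that the returned buffer belongs to `gc` and must not be passed to free(), now that `x509_free_sha1_hash` is gone.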