diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2016-11-03 02:43:03 +0100 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2016-11-03 03:23:03 +0100 |
| commit | 44d70e078f5e5270908dd6d7a3182f48022b148d (patch) | |
| tree | 3c73e2f5e5ee2660bc27266717a800685c5ab694 /base/server/cms/src/com | |
| parent | 487d08c2832368848f1235d781e114d343190476 (diff) | |
Fixed resource leak in OCSPNoCheckExtension.
The OCSPNoCheckExtension has been modified to always close the
DerOutputStream instance.
The OCSPNoCheckExt has been modified to wrap the original
exception.
https://fedorahosted.org/pki/ticket/2530
Diffstat (limited to 'base/server/cms/src/com')
| -rw-r--r-- | base/server/cms/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/base/server/cms/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java b/base/server/cms/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java index aece9664a..da0584cb0 100644 --- a/base/server/cms/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java +++ b/base/server/cms/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java @@ -22,11 +22,6 @@ import java.security.cert.CertificateException; import java.util.Locale; import java.util.Vector; -import netscape.security.extensions.OCSPNoCheckExtension; -import netscape.security.x509.CertificateExtensions; -import netscape.security.x509.CertificateVersion; -import netscape.security.x509.X509CertInfo; - import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; @@ -38,6 +33,11 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; +import netscape.security.extensions.OCSPNoCheckExtension; +import netscape.security.x509.CertificateExtensions; +import netscape.security.x509.CertificateVersion; +import netscape.security.x509.X509CertInfo; + /** * This implements an OCSP Signing policy, it * adds the OCSP Signing extension to the certificate. @@ -88,7 +88,11 @@ public class OCSPNoCheckExt extends APolicyRule */ public void init(ISubsystem owner, IConfigStore config) throws EBaseException { - mOCSPNoCheck = new OCSPNoCheckExtension(); + try { + mOCSPNoCheck = new OCSPNoCheckExtension(); + } catch (IOException e) { + throw new EBaseException(e); + } if (mOCSPNoCheck != null) { // configure the extension itself |