From 334230957230d0ef04167142dc6d3fd17a68d67f Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin
Date: Sun, 13 Nov 2016 16:37:13 +0000
Subject: [PATCH] BUG/MEDIUM: ssl: Store certificate filename in a variable Before this change, trash is being used to create certificate filename to read in care Mutli-Cert are in used. But then ssl_sock_load_ocsp() modify trash leading to potential wrong information given in later error message. This also blocks any further use of certificate filename for other usage, like ongoing patch to support Certificate Transparency handling in Multi-Cert bundle.
---
 src/ssl_sock.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b14bb8a46..ded1c240c 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2137,6 +2137,7 @@ static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_con
 node = ebmb_first(&sni_keytypes_map);
 while (node) {
 SSL_CTX *cur_ctx;
+ char cur_file[MAXPATHLEN+1];
 str = (char *)container_of(node, struct sni_keytype, name)->name.key;
 i = container_of(node, struct sni_keytype, name)->keytypes;
@@ -2156,8 +2157,8 @@ static int ssl_sock_load_multi_cert(const char *path, struct bind_conf *bind_con
 for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
 if (i & (1<
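Review bot: The new `char cur_file[MAXPATHLEN+1];` inside the `while (node)` loop of ssl_sock_load_multi_cert() has no comment explaining why the path no longer lives in `trash`, which invites a later cleanup back to the shared buffer. I would add `/* per-keytype certificate path; kept out of trash because ssl_sock_load_ocsp() overwrites it */` above the declaration. The code that fills the buffer is in the following hunk, which is cut off on this page, so I cannot confirm how it is written; it should bound the write with `sizeof(cur_file)` and treat a truncated name as a load error rather than opening a shortened path. The function body starts before and continues after this hunk.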