BUG/MEDIUM: ssl: do not store pkinfo with SSL_set_ex_data
Bug from 96b7834e: pkinfo is stored on SSL_CTX ex_data and should
not also be stored on SSL ex_data without reservation.
Simply extract pkinfo from SSL_CTX in ssl_sock_get_pkey_algo.
No backport needed.
parent
28962c9941
commit
3448c490ca
@ -2064,11 +2064,6 @@ static struct {
|
|||||||
|
|
||||||
static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
|
static void ssl_sock_switchctx_set(SSL *ssl, SSL_CTX *ctx)
|
||||||
{
|
{
|
||||||
struct pkey_info *pkinfo;
|
|
||||||
|
|
||||||
pkinfo = SSL_CTX_get_ex_data(ctx, ssl_pkey_info_index);
|
|
||||||
if (pkinfo)
|
|
||||||
SSL_set_ex_data(ssl, ssl_pkey_info_index, pkinfo);
|
|
||||||
SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
|
SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx), ssl_sock_bind_verifycbk);
|
||||||
SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
|
SSL_set_client_CA_list(ssl, SSL_dup_CA_list(SSL_CTX_get_client_CA_list(ctx)));
|
||||||
SSL_set_SSL_CTX(ssl, ctx);
|
SSL_set_SSL_CTX(ssl, ctx);
|
||||||
@ -5725,7 +5720,7 @@ int ssl_sock_get_pkey_algo(struct connection *conn, struct chunk *out)
|
|||||||
if (!ssl_sock_is_ssl(conn))
|
if (!ssl_sock_is_ssl(conn))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
pkinfo = SSL_get_ex_data(conn->xprt_ctx, ssl_pkey_info_index);
|
pkinfo = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(conn->xprt_ctx), ssl_pkey_info_index);
|
||||||
if (pkinfo) {
|
if (pkinfo) {
|
||||||
sig = pkinfo->sig;
|
sig = pkinfo->sig;
|
||||||
bits = pkinfo->bits;
|
bits = pkinfo->bits;
|
||||||
|
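Review bot: The new lookup `SSL_CTX_get_ex_data(SSL_get_SSL_CTX(conn->xprt_ctx), ssl_pkey_info_index)` in ssl_sock_get_pkey_algo has no comment explaining why it goes through the SSL_CTX, and without one a later cleanup could easily switch it back to `SSL_get_ex_data`. OpenSSL allocates ex_data indices per object class, so an index reserved for SSL_CTX objects can coincide with an unrelated SSL-class slot; the `SSL_set_ex_data` call removed from ssl_sock_switchctx_set would have written pkinfo into such a slot. I would add above the lookup: `/* pkinfo lives in SSL_CTX ex_data only; ssl_pkey_info_index is not reserved for SSL objects */`. Where the index is reserved is not visible on this page, so this rests on the commit message, and the function body continues outside the hunk.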