upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-03-12 05:32:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

BUG/MINOR: ssl: Fix OCSP_CERTID leak when same certificate is used multiple times

Browse source 
If a given certificate is used multiple times in a configuration, the
ocsp_cid field would have been overwritten during each
ssl_sock_load_ocsp call even if it was previously filled.

This patch does not need to be backported.
This commit is contained in:
Remi Tricot-Le Breton 2023-01-09 12:02:47 +01:00 committed by William Lallemand
parent fc92b8bda5
commit 2d1daa8095
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/ssl_sock.c
View file

@ -1150,7 +1150,8 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, struct ckch_data *data, STACK_OF(X50
if (!issuer)
goto out;
data->ocsp_cid = OCSP_cert_to_id(0, x, issuer);
if (!data->ocsp_cid)
data->ocsp_cid = OCSP_cert_to_id(0, x, issuer);
if (!data->ocsp_cid)
goto out;