This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new b0f4a04285 Fix crash on config reload with BoringSSL (#9840)
b0f4a04285 is described below
commit b0f4a0428592dec011aee0fb7ed56bb6c1bd43ee
Author: Masakazu Kitajo <[email protected]>
AuthorDate: Sat Jun 17 03:02:26 2023 +0900
Fix crash on config reload with BoringSSL (#9840)
---
iocore/net/SSLConfig.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 884c71e827..6d47200cf9 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -952,7 +952,8 @@ SSLConfigParams::getCTX(const std::string &client_cert,
const std::string &key_f
SSLError("failed to attach client chain certificate from %s",
client_cert.c_str());
goto fail;
}
- X509_free(cert);
+ // Do not free cert becasue SSL_CTX_add_extra_chain_cert takes
ownership of cert if it succeeds, unlike
+ // SSL_CTX_use_certificate.
cert = PEM_read_bio_X509(biop, nullptr, nullptr, nullptr);
}
