This is an automated email from the ASF dual-hosted git repository.
zwoop pushed a commit to branch 9.2.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/9.2.x by this push:
new a7bb670157 Fix crash on config reload with BoringSSL (#9840)
a7bb670157 is described below
commit a7bb6701573df9e4ad66ff29059d91a3e488bb95
Author: Masakazu Kitajo <[email protected]>
AuthorDate: Sat Jun 17 03:02:26 2023 +0900
Fix crash on config reload with BoringSSL (#9840)
(cherry picked from commit b0f4a0428592dec011aee0fb7ed56bb6c1bd43ee)
---
iocore/net/SSLConfig.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/iocore/net/SSLConfig.cc b/iocore/net/SSLConfig.cc
index 5825b0c66b..de3a9bbc89 100644
--- a/iocore/net/SSLConfig.cc
+++ b/iocore/net/SSLConfig.cc
@@ -852,7 +852,8 @@ SSLConfigParams::getCTX(const std::string &client_cert,
const std::string &key_f
SSLError("failed to attach client chain certificate from %s",
client_cert.c_str());
goto fail;
}
- X509_free(cert);
+ // Do not free cert becasue SSL_CTX_add_extra_chain_cert takes
ownership of cert if it succeeds, unlike
+ // SSL_CTX_use_certificate.
cert = PEM_read_bio_X509(biop, nullptr, nullptr, nullptr);
}
