On Thu, Feb 16, 2017 at 4:48 PM, Yann Ylavic <ylavic....@gmail.com> wrote: > On Thu, Feb 16, 2017 at 11:27 PM, <wr...@apache.org> wrote: >> Author: wrowe >> Date: Thu Feb 16 22:27:24 2017 >> New Revision: 1783317 >> >> URL: http://svn.apache.org/viewvc?rev=1783317&view=rev >> Log: >> Avoid unnecessary code (the deprecation macro wrapper itself emits unused >> args >> warnings) in OpenSSL 1.1.0 and avoid _free()ing NULL references. >> >> >> Modified: >> httpd/httpd/trunk/modules/ssl/ssl_engine_init.c > [] >> #endif >> } >> - EC_KEY_free(eckey); >> - EC_GROUP_free(ecparams); >> +#endif >> + if (eckey) >> + EC_KEY_free(eckey); >> + if (ecparams) >> + EC_GROUP_free(ecparams); > > ISTM that these are NULL safe already.
With no docs to that effect, and trying to predict what 1.2.0 might do to us, the explicit avoidance seems safer, no? Is there somewhere it is documented what openssl's NULL-safe policy is?
