[tomcat-native] 02/02: Additional fix for BZ 65181

Mon, 31 May 2021 04:17:33 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git

commit 6c57ffaf47f0e27e59fb99fb528f5f626a5b5465
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Mon May 31 12:14:29 2021 +0100

    Additional fix for BZ 65181
    
    https://bz.apache.org/bugzilla/show_bug.cgi?id=65181
---
 native/src/ssl.c                  | 11 ++++++++---
 xdocs/miscellaneous/changelog.xml |  5 +++++
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/native/src/ssl.c b/native/src/ssl.c
index da5f026..d59246e 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -367,6 +367,14 @@ static apr_status_t ssl_init_cleanup(void *data)
 #endif
     free_dh_params();
 
+#ifndef OPENSSL_NO_ENGINE
+    if (tcn_ssl_engine != NULL) {
+        /* Release the SSL Engine structural reference */
+        ENGINE_free(tcn_ssl_engine);
+        tcn_ssl_engine = NULL;
+    }
+#endif
+
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
     /* Openssl v1.1+ handles all termination automatically. Do
      * nothing in this case.
@@ -815,9 +823,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, 
jstring engine)
                 if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL))
                     err = APR_ENOTIMPL;
             }
-            /* Free our "structural" reference. */
-            if (ee)
-                ENGINE_free(ee);
         }
         if (err != APR_SUCCESS) {
             TCN_FREE_CSTRING(engine);
diff --git a/xdocs/miscellaneous/changelog.xml 
b/xdocs/miscellaneous/changelog.xml
index 383a43a..e366685 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -35,6 +35,11 @@
   </p>
 </section>
 <section name="Changes in 1.2.30">
+    <add>
+      <bug>65181</bug>: Additional changes required to provided support for
+      using OpenSSL Engines that use proprietary key formats. Based on a patch
+      provided by Edin Hodzic. (markt)
+    </add>
 </section>
 <section name="Changes in 1.2.29 (not released)">
   <changelog>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to