CVSROOT:        /cvs
Module name:    src
Changes by:     js...@cvs.openbsd.org   2018/04/07 10:35:34

Modified files:
        lib/libtls     : tls_config.c tls_internal.h tls_keypair.c 

Log message:
Correct tls_config_clear_keys() behaviour.

Previously this incorrectly called tls_keypair_clear(), which results in
the private key being cleared, along with the certificate, OCSP staple and
pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called
following tls_configure(), as is done by httpd.

Fix this by calling tls_keypair_clear_key() so that only the private key is
cleared, leaving the other public data untouched. While here, remove
tls_keypair_clear() and fold the necessary parts into tls_keypair_free().

ok beck@
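
The distinction the log message draws, as an added example that is not part of the commit and is not libtls source. The struct layout, the function names keypair_clear_key, keypair_clear_all and staple_survives, and all data are constructed assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a keypair; layout and names are assumptions. */
struct keypair {
    char *cert, *ocsp_staple, *pubkey_hash;  /* public data */
    char *key; size_t key_len;               /* private key */
};

static char *dup_mem(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p != NULL) strcpy(p, s);
    return p;
}

/* Fixed behaviour: wipe and release only the private key. */
void keypair_clear_key(struct keypair *kp) {
    volatile char *v = kp->key;   /* volatile so the wipe is not optimised out */
    for (size_t i = 0; v != NULL && i < kp->key_len; i++) v[i] = 0;
    free(kp->key);
    kp->key = NULL;
    kp->key_len = 0;
}

/* Previous behaviour: the public data is discarded along with the key. */
void keypair_clear_all(struct keypair *kp) {
    keypair_clear_key(kp);
    free(kp->cert); free(kp->ocsp_staple); free(kp->pubkey_hash);
    kp->cert = kp->ocsp_staple = kp->pubkey_hash = NULL;
}

/* Returns 1 if the key is gone but a staple is still available to serve. */
int staple_survives(int use_fix) {
    struct keypair kp;
    kp.cert = dup_mem("constructed-cert");
    kp.ocsp_staple = dup_mem("constructed-staple");
    kp.pubkey_hash = dup_mem("constructed-hash");
    kp.key = dup_mem("constructed-private-key");
    kp.key_len = kp.key != NULL ? strlen(kp.key) : 0;
    if (use_fix) keypair_clear_key(&kp); else keypair_clear_all(&kp);
    int ok = kp.key == NULL && kp.ocsp_staple != NULL;
    keypair_clear_all(&kp);   /* final teardown frees whatever remains */
    return ok;
}

int main(void) {
    return (staple_survives(1) == 1 && staple_survives(0) == 0) ? 0 : 1;
}
```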
