CVSROOT:	/cvs
Module name:	src
Changes by:	js...@cvs.openbsd.org	2018/04/07 10:35:34

Modified files:
	lib/libtls     : tls_config.c tls_internal.h tls_keypair.c

Log message:
Correct tls_config_clear_keys() behaviour.

Previously this incorrectly called tls_keypair_clear(), which results in
the private key being cleared, along with the certificate, OCSP staple and
pubkey hash. This breaks OCSP stapling if tls_config_clear_keys() is called
following tls_configure(), as is done by httpd.

Fix this by calling tls_keypair_clear_key() so that only the private key is
cleared, leaving the other public data untouched.

While here, remove tls_keypair_clear() and fold the necessary parts into
tls_keypair_free().

ok beck@
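
The difference the log message describes, as an added example in C that is not libtls code and not part of the commit: a simplified, hypothetical keypair model showing that wiping only the private key leaves the OCSP staple servable, while wiping everything does not. The names struct keypair, dup_str, wipe_free, keypair_clear_all, keypair_clear_key and after_clear are invented for illustration, and all strings are constructed samples.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified, hypothetical model: one secret and three public items. */
struct keypair { char *key, *cert, *ocsp_staple, *pubkey_hash; };

static char *dup_str(const char *s)
{
	size_t n = strlen(s) + 1;
	char *p = malloc(n);
	if (p != NULL) memcpy(p, s, n);
	return p;
}

/* Zero, free and NULL a buffer; the volatile pointer keeps the wipe from being elided. */
static void wipe_free(char **p)
{
	if (*p == NULL) return;
	volatile char *v = *p;
	for (size_t n = strlen(*p); n > 0; n--) *v++ = 0;
	free(*p);
	*p = NULL;
}

/* Behaviour the log calls incorrect for clearing keys: public data is lost too. */
static void keypair_clear_all(struct keypair *kp)
{
	wipe_free(&kp->key);
	wipe_free(&kp->cert);
	wipe_free(&kp->ocsp_staple);
	wipe_free(&kp->pubkey_hash);
}

/* Behaviour after the fix: only the private key is wiped. */
static void keypair_clear_key(struct keypair *kp) { wipe_free(&kp->key); }

/* Returns a bitmask: bit 0 = private key gone, bit 1 = staple still servable. */
int after_clear(int fixed)
{
	struct keypair kp = { dup_str("constructed-private-key"), dup_str("constructed-cert"),
	    dup_str("constructed-ocsp-staple"), dup_str("constructed-pubkey-hash") };
	if (fixed) keypair_clear_key(&kp); else keypair_clear_all(&kp);
	int r = (kp.key == NULL ? 1 : 0) | (kp.cert != NULL && kp.ocsp_staple != NULL ? 2 : 0);
	keypair_clear_all(&kp);	/* release whatever is left before returning */
	return r;
}

int main(void) { printf("old=%d fixed=%d\n", after_clear(0), after_clear(1)); return 0; }
```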