Remove duplicate X509 env variables
Commit 13b585e8
added support for multiple X509 env variables with the
same name, but as a side effect caused these variables to pile up for
each renegotiation. The old code would simply overwrite the old variables
(as long as an equally-long chain was used for the new session).
To stop the variables from piling up, this commit removes any old X509
env variables if we start negotiating a new TLS session.
Trac: #854
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1489047212-31994-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14237.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
parent
33e1a869fc
commit
fd0361813c
@ -2822,6 +2822,9 @@ tls_process(struct tls_multi *multi,
|
||||
session->opt->crl_file, session->opt->crl_file_inline);
|
||||
}
|
||||
|
||||
/* New connection, remove any old X509 env variables */
|
||||
tls_x509_clear_env(session->opt->es);
|
||||
|
||||
dmsg(D_TLS_DEBUG_MED, "STATE S_START");
|
||||
}
|
||||
|
||||
|
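Review bot: The new call clears `session->opt->es`, an env_set reached through the session's options pointer rather than through the session itself, so it may be shared with the other key sessions of the same tls_multi. If it is shared, a session that starts negotiating but never completes authentication would still remove the X509_ variables describing the already-established session, and scripts or plugins that run later would no longer see them. Please confirm the ownership of `es` and say so in the comment, for example `/* New connection, remove any old X509 env variables (es is taken from session->opt; see note on sharing) */`. tls_process() starts and ends outside this hunk, so the state check guarding this branch is not visible here.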
@ -1486,4 +1486,21 @@ verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session)
|
||||
gc_free(&gc);
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
tls_x509_clear_env(struct env_set *es)
|
||||
{
|
||||
struct env_item *item = es->list;
|
||||
while (item)
|
||||
{
|
||||
struct env_item *next = item->next;
|
||||
if (item->string
|
||||
&& 0 == strncmp("X509_", item->string, strlen("X509_")))
|
||||
{
|
||||
env_set_del(es, item->string);
|
||||
}
|
||||
item = next;
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* ENABLE_CRYPTO */
|
||||
|
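Review bot: tls_x509_clear_env() reads `es->list` on its first line without checking `es`, so a caller that passes a NULL env_set crashes here; make the requirement explicit with `ASSERT(es);` as the first statement, or return early with `if (!es) return;`. The loop saves `item->next` before calling env_set_del(), which is the right order if the delete releases the item, but nothing says so; a short comment such as `/* fetch next first, env_set_del() may release item */` would keep a later edit from reordering it. env_set_del() is keyed on `item->string` and presumably matches by variable name, so with duplicate names allowed it is worth confirming that it removes the entry being visited and not a later one with the same name.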
@ -238,6 +238,9 @@ tls_client_reason(struct tls_multi *multi)
|
||||
#endif
|
||||
}
|
||||
|
||||
/** Remove any X509_ env variables from env_set es */
|
||||
void tls_x509_clear_env(struct env_set *es);
|
||||
|
||||
#endif /* ENABLE_CRYPTO */
|
||||
|
||||
#endif /* SSL_VERIFY_H_ */
|
||||
|