Fossil

Check-in [ee59ca74]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix case when trying to free a non-malloced pointer.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | ssl_platform_fixes
Files: files | file ages | folders
SHA1: ee59ca74b8b8991520660514266da7483e5f68d7
User & Date: linuxfood 2010-03-21 22:38:03
Context
2010-03-21
22:42
Comparison typo. Leaf check-in: 624bc1c6 user: linuxfood tags: ssl_platform_fixes
22:38
Fix case when trying to free a non-malloced pointer. check-in: ee59ca74 user: linuxfood tags: ssl_platform_fixes
22:14
Merge in trunk and local fixes. check-in: 3b06c951 user: linuxfood tags: ssl_platform_fixes
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/http_ssl.c.

84
85
86
87
88
89
90

91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

117

118
119
120
121
122
123
124
/*
** Call this routine once before any other use of the SSL interface.
** This routine does initial configuration of the SSL module.
*/
void ssl_global_init(void){
  if( sslIsInit==0 ){
    char *system_store = NULL;

    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();    
    sslCtx = SSL_CTX_new(SSLv23_client_method());
#if defined(__MINGW32__)
    /* TODO Load windows cert store here. */
#elif defined(__linux__)
    /* Linux has a few different places to find the root certificate bundle */
    if(file_isfile("/etc/pki/tls/cert.pem")) {
      /* This is for RedHat derived distros */
      system_store = "/etc/pki/tls/cert.pem";
    }
    else if(file_isfile("/etc/ssl/certs/ca-certificates.crt")) {
      /* This is for Debian derived distros, and Arch */
      system_store = "/etc/ssl/certs/ca-certificates.crt";
    }
#elif defined(__FreeBSD__)
    system_store =  "/usr/local/share/certs/ca-root-nss.crt";
#elif defined(__APPLE__)
    /* No action necessary, OpenSSL on OS X appears
       to load the system store automatically */
#endif
    system_store = db_get("certificate-bundle", system_store);
    if(system_store != NULL) {
      SSL_CTX_load_verify_locations(sslCtx, system_store, NULL);

      free(system_store);

    }
    sslIsInit = 1;
  }
}

/*
** Call this routine to shutdown the SSL module prior to program exit.







>











|



|


|




|


>
|
>







84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
/*
** Call this routine once before any other use of the SSL interface.
** This routine does initial configuration of the SSL module.
*/
void ssl_global_init(void){
  if( sslIsInit==0 ){
    char *system_store = NULL;
    char *detected_store = NULL;
    SSL_library_init();
    SSL_load_error_strings();
    ERR_load_BIO_strings();
    OpenSSL_add_all_algorithms();    
    sslCtx = SSL_CTX_new(SSLv23_client_method());
#if defined(__MINGW32__)
    /* TODO Load windows cert store here. */
#elif defined(__linux__)
    /* Linux has a few different places to find the root certificate bundle */
    if(file_isfile("/etc/pki/tls/cert.pem")) {
      /* This is for RedHat derived distros */
      detected_store = "/etc/pki/tls/cert.pem";
    }
    else if(file_isfile("/etc/ssl/certs/ca-certificates.crt")) {
      /* This is for Debian derived distros, and Arch */
      detected_store = "/etc/ssl/certs/ca-certificates.crt";
    }
#elif defined(__FreeBSD__)
    detected_store =  "/usr/local/share/certs/ca-root-nss.crt";
#elif defined(__APPLE__)
    /* No action necessary, OpenSSL on OS X appears
       to load the system store automatically */
#endif
    system_store = db_get("certificate-bundle", detected_store);
    if(system_store != NULL) {
      SSL_CTX_load_verify_locations(sslCtx, system_store, NULL);
      if(detected_store != NULL) {
        free(system_store);
      }
    }
    sslIsInit = 1;
  }
}

/*
** Call this routine to shutdown the SSL module prior to program exit.