Commit
13b585e8 added support for multiple X509 env variables with the
same name, but as a side effect caused these variables to pile up for
each renegotiation. The old code would simply overwrite the old variables
(as long as an equally-long chain was used for the new session).
To stop the variables from piling up, this commit removes any old X509
env variables if we start negotiating a new TLS session.
Trac: #854
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
1489047212-31994-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14237.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
session->opt->crl_file, session->opt->crl_file_inline);
}
+ /* New connection, remove any old X509 env variables */
+ tls_x509_clear_env(session->opt->es);
+
dmsg(D_TLS_DEBUG_MED, "STATE S_START");
}
gc_free(&gc);
}
}
+
+void
+tls_x509_clear_env(struct env_set *es)
+{
+ struct env_item *item = es->list;
+ while (item)
+ {
+ struct env_item *next = item->next;
+ if (item->string
+ && 0 == strncmp("X509_", item->string, strlen("X509_")))
+ {
+ env_set_del(es, item->string);
+ }
+ item = next;
+ }
+}
+
#endif /* ENABLE_CRYPTO */
#endif
}
+/** Remove any X509_ env variables from env_set es */
+void tls_x509_clear_env(struct env_set *es);
+
#endif /* ENABLE_CRYPTO */
#endif /* SSL_VERIFY_H_ */
projects / thirdparty / openvpn.git / commitdiff
