From: Yann Ylavic Date: Thu, 27 Feb 2020 12:38:41 +0000 (+0000) Subject: Revert r1874574: wrong patch. X-Git-Tag: 2.5.0-alpha2-ci-test-only~1613 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d84fa3a18537f3eeb59af6e42c3e9b73c71d5365;p=thirdparty%2Fapache%2Fhttpd.git Revert r1874574: wrong patch. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874575 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 7a0d1059116..d5d0b5eb16c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,6 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 - *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic] - *) mod_authz_groupfile: Drop AH01666 from loglevel "error" to "info". PR64172. diff --git a/modules/ssl/ssl_util_stapling.c b/modules/ssl/ssl_util_stapling.c index 32a838a07a2..8bb6e7c6c0a 100644 --- a/modules/ssl/ssl_util_stapling.c +++ b/modules/ssl/ssl_util_stapling.c @@ -870,25 +870,17 @@ static int stapling_cb(SSL *ssl, void *arg) } } - rv = SSL_TLSEXT_ERR_NOACK; - if (!rsp) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01957) - "stapling_cb: no suitable response available"); - } - else { - if (ok == TRUE || mctx->stapling_return_errors == TRUE) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01956) - "stapling_cb: setting response"); - if (!stapling_set_response(ssl, rsp)) { - rv = SSL_TLSEXT_ERR_ALERT_FATAL; - } - else { - rv = SSL_TLSEXT_ERR_OK; - } - } - OCSP_RESPONSE_free(rsp); + if (rsp && ((ok == TRUE) || (mctx->stapling_return_errors == TRUE))) { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01956) + "stapling_cb: setting response"); + if (!stapling_set_response(ssl, rsp)) + return SSL_TLSEXT_ERR_ALERT_FATAL; + return SSL_TLSEXT_ERR_OK; } - return rv; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01957) + "stapling_cb: no suitable response available"); + + return SSL_TLSEXT_ERR_NOACK; }