diff options
author | Rob Percival <robpercival@google.com> | 2016-03-07 18:05:53 +0000 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-03-07 14:44:04 -0500 |
commit | 3f3c7d26d577902a542bf226a091aab93ea1ff96 (patch) | |
tree | bd2dd8f552c2607d133b09720a44542186bd7b13 /ssl | |
parent | 4d482ee24fd4b4cec38671e0060e2131efc5de51 (diff) |
Use s->session->peer instead of calling SSL_get_peer_certificate(s)
Avoids modifying certificate reference count, and thereby avoids locking.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_lib.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b1e7d0d2ec..5dfb0fdbc7 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3931,7 +3931,7 @@ err: static int ct_extract_x509v3_extension_scts(SSL *s) { int scts_extracted = 0; - X509 *cert = SSL_get_peer_certificate(s); + X509 *cert = s->session != NULL ? s->session->peer : NULL; if (cert != NULL) { STACK_OF(SCT) *scts = @@ -3941,7 +3941,6 @@ static int ct_extract_x509v3_extension_scts(SSL *s) ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION); SCT_LIST_free(scts); - X509_free(cert); } return scts_extracted; @@ -4032,7 +4031,7 @@ ct_validation_cb SSL_CTX_get_ct_validation_callback(const SSL_CTX *ctx) int ssl_validate_ct(SSL *s) { int ret = 0; - X509 *cert = SSL_get_peer_certificate(s); + X509 *cert = s->session != NULL ? s->session->peer : NULL; X509 *issuer = NULL; CT_POLICY_EVAL_CTX *ctx = NULL; const STACK_OF(SCT) *scts; @@ -4072,7 +4071,6 @@ int ssl_validate_ct(SSL *s) end: CT_POLICY_EVAL_CTX_free(ctx); - X509_free(cert); return ret; } |