izackp/Apollo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix leak of X509 on each HTTPS request

Browse Source
This commit is contained in:
Cameron Gutman
2023-05-22 17:19:32 -05:00
parent 31f72cdbff
commit 8a9eed2f6f
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/nvhttp.cpp
View File

@@ -938,7 +938,7 @@ namespace nvhttp {
// Verify certificates after establishing connection // Verify certificates after establishing connection
https_server.verify = [&cert_chain, add_cert](SSL *ssl) { https_server.verify = [&cert_chain, add_cert](SSL *ssl) {
auto x509 = SSL_get_peer_certificate(ssl); crypto::x509_t x509 { SSL_get_peer_certificate(ssl) };
if (!x509) { if (!x509) {
BOOST_LOG(info) << "unknown -- denied"sv; BOOST_LOG(info) << "unknown -- denied"sv;
return 0; return 0;
@@ -949,7 +949,7 @@ namespace nvhttp {
auto fg = util::fail_guard([&]() { auto fg = util::fail_guard([&]() {
char subject_name[256]; char subject_name[256];
X509_NAME_oneline(X509_get_subject_name(x509), subject_name, sizeof(subject_name)); X509_NAME_oneline(X509_get_subject_name(x509.get()), subject_name, sizeof(subject_name));
BOOST_LOG(debug) << subject_name << " -- "sv << (verified ? "verified"sv : "denied"sv); BOOST_LOG(debug) << subject_name << " -- "sv << (verified ? "verified"sv : "denied"sv);
}); });
@@ -964,7 +964,7 @@ namespace nvhttp {
cert_chain.add(std::move(cert)); cert_chain.add(std::move(cert));
} }
auto err_str = cert_chain.verify(x509); auto err_str = cert_chain.verify(x509.get());
if (err_str) { if (err_str) {
BOOST_LOG(warning) << "SSL Verification error :: "sv << err_str; BOOST_LOG(warning) << "SSL Verification error :: "sv << err_str;