rpms/httpd
7
0
Fork 0
Code Issues Pull Requests Releases Activity
3dfccd856a
httpd/httpd-2.4.59-engine-finish.patch
Joe Orton 3dfccd856a mod_ssl: defer ENGINE_finish() calls to a cleanup 
Related: RHEL-36755
2024-05-22 08:21:35 +01:00

110 lines
4.3 KiB
Diff
Raw Blame History

https://issues.redhat.com/browse/RHEL-36755
--- httpd-2.4.59/modules/ssl/ssl_engine_init.c.24 2024-05-22 08:13:42.478057351 +0100
+++ httpd-2.4.59/modules/ssl/ssl_engine_init.c 2024-05-22 08:13:42.489057431 +0100
@@ -1460,7 +1460,7 @@
if (modssl_is_engine_id(keyfile)) {
apr_status_t rv;
- if ((rv = modssl_load_engine_keypair(s, ptemp, vhost_id,
+ if ((rv = modssl_load_engine_keypair(s, p, ptemp, vhost_id,
engine_certfile, keyfile,
&cert, &pkey))) {
return rv;
--- httpd-2.4.59/modules/ssl/ssl_engine_pphrase.c.24 2024-05-22 08:13:42.443057094 +0100
+++ httpd-2.4.59/modules/ssl/ssl_engine_pphrase.c 2024-05-22 08:18:55.179844757 +0100
@@ -830,8 +830,19 @@
#endif
#if MODSSL_HAVE_ENGINE_API
-static apr_status_t modssl_load_keypair_engine(server_rec *s, apr_pool_t *p,
- const char *vhostid,
+
+static apr_status_t modssl_engine_cleanup(void *engine)
+{
+ ENGINE *e = engine;
+
+ ENGINE_finish(e);
+
+ return APR_SUCCESS;
+}
+
+static apr_status_t modssl_load_keypair_engine(server_rec *s,
+ apr_pool_t *pconf, apr_pool_t *ptemp,
+ const char *vhostid,
const char *certid,
const char *keyid,
X509 **pubkey,
@@ -839,12 +850,12 @@
{
const char *c, *scheme;
ENGINE *e;
- UI_METHOD *ui_method = get_passphrase_ui(p);
+ UI_METHOD *ui_method = get_passphrase_ui(ptemp);
pphrase_cb_arg_t ppcb;
memset(&ppcb, 0, sizeof ppcb);
ppcb.s = s;
- ppcb.p = p;
+ ppcb.p = ptemp;
ppcb.bPassPhraseDialogOnce = TRUE;
ppcb.key_id = vhostid;
ppcb.pkey_file = keyid;
@@ -857,7 +868,7 @@
return ssl_die(s);
}
- scheme = apr_pstrmemdup(p, keyid, c - keyid);
+ scheme = apr_pstrmemdup(ptemp, keyid, c - keyid);
if (!(e = ENGINE_by_id(scheme))) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(10132)
"Init: Failed to load engine for private key %s",
@@ -906,7 +917,8 @@
return ssl_die(s);
}
- ENGINE_finish(e);
+ apr_pool_cleanup_register(pconf, e, modssl_engine_cleanup, modssl_engine_cleanup);
+
ENGINE_free(e);
return APR_SUCCESS;
@@ -1007,7 +1019,8 @@
}
#endif
-apr_status_t modssl_load_engine_keypair(server_rec *s, apr_pool_t *p,
+apr_status_t modssl_load_engine_keypair(server_rec *s,
+ apr_pool_t *pconf, apr_pool_t *ptemp,
const char *vhostid,
const char *certid, const char *keyid,
X509 **pubkey, EVP_PKEY **privkey)
@@ -1016,11 +1029,11 @@
SSLModConfigRec *mc = myModConfig(s);
if (!mc->szCryptoDevice)
- return modssl_load_keypair_store(s, p, vhostid, certid, keyid,
+ return modssl_load_keypair_store(s, ptemp, vhostid, certid, keyid,
pubkey, privkey);
#endif
#if MODSSL_HAVE_ENGINE_API
- return modssl_load_keypair_engine(s, p, vhostid, certid, keyid,
+ return modssl_load_keypair_engine(s, pconf, ptemp, vhostid, certid, keyid,
pubkey, privkey);
#else
return APR_ENOTIMPL;
diff -uap httpd-2.4.59/modules/ssl/ssl_private.h.24 httpd-2.4.59/modules/ssl/ssl_private.h
--- httpd-2.4.59/modules/ssl/ssl_private.h.24 2024-05-22 08:13:42.479057358 +0100
+++ httpd-2.4.59/modules/ssl/ssl_private.h 2024-05-22 08:13:42.489057431 +0100
@@ -1090,7 +1090,8 @@
/* Load public and/or private key from the configured ENGINE. Private
* key returned as *pkey. certid can be NULL, in which case *pubkey
* is not altered. Errors logged on failure. */
-apr_status_t modssl_load_engine_keypair(server_rec *s, apr_pool_t *p,
+apr_status_t modssl_load_engine_keypair(server_rec *s,
+ apr_pool_t *pconf, apr_pool_t *ptemp,
const char *vhostid,
const char *certid, const char *keyid,
X509 **pubkey, EVP_PKEY **privkey);
Reference in New Issue View Git Blame Copy Permalink