[Fedora-directory-commits] mod_nss nss_engine_init.c,1.14,1.15
Robert Crittenden (rcritten)
fedora-directory-commits at redhat.com
Tue Oct 11 15:01:58 UTC 2005
Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22735
Modified Files:
nss_engine_init.c
Log Message:
Close the proxy model socket so NSS can be shutdown gracefully. Also
correct an error where the PKCS#11 slot isn't closed unless a the
certificate key is obtained. This also affected NSS_Shutdown().
Index: nss_engine_init.c
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss_engine_init.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- nss_engine_init.c 3 Oct 2005 14:59:26 -0000 1.14
+++ nss_engine_init.c 11 Oct 2005 15:01:34 -0000 1.15
@@ -756,11 +756,11 @@
nss_die();
}
- if (mctx->nickname != NULL)
+ if (mctx->nickname != NULL) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Using nickname %s.", mctx->nickname);
-
- mctx->servercert = FindServerCertFromNickname(mctx->nickname);
+ mctx->servercert = FindServerCertFromNickname(mctx->nickname);
+ }
/* Verify the certificate chain. */
if (mctx->servercert != NULL && mctx->as_server) {
@@ -812,8 +812,8 @@
if (mctx->servercert) {
mctx->serverkey = PK11_FindPrivateKeyFromCert(slot, mctx->servercert, NULL);
- PK11_FreeSlot(slot);
}
+ PK11_FreeSlot(slot);
if (mctx->as_server && mctx->serverkey == NULL) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
@@ -952,6 +952,16 @@
shutdowncache = 1;
}
+ if (sc->proxy_enabled) {
+ if (sc->proxy->servercert != NULL) {
+ CERT_DestroyCertificate(sc->proxy->servercert);
+ SECKEY_DestroyPrivateKey(sc->proxy->serverkey);
+ }
+
+ /* Closing this implicitly cleans up the copy of the certificates
+ * and keys associated with any SSL socket */
+ PR_Close(sc->proxy->model);
+ }
}
if (shutdowncache)
More information about the Fedora-directory-commits
mailing list