Move OCSP stapling information from a per-certificate store (ex_data attached to an X509 *) …
Show more
Merge r1629372, r1629485, r1629519 from trunk:Move OCSP stapling information from a per-certificate store(ex_data attached to an X509 *) to a per-server hash which isallocated from the pconf pool. Fixes PR 54357, PR 56919 anda leak with the certinfo_free cleanup function (missingOCSP_CERTID_free).* modules/ssl/ssl_util_stapling.c: drop certinfo_free, and add ssl_stapling_certid_free (used with apr_pool_cleanup_register). Switch to a stapling_certinfo hash which is keyed by the SHA-1 digest of the certificate's DER encoding, rework ssl_stapling_init_cert to only store info once per certificate (allocated from the pconf to the extent possible) and extend the logging.* modules/ssl/ssl_private.h: adjust prototype for ssl_stapling_init_cert, replace ssl_stapling_ex_init with ssl_stapling_certinfo_hash_init* modules/ssl/ssl_engine_init.c: adjust ssl_stapling_* callsBased on initial work by Alex Bligh <alex alex.org.uk>Follow up to r1629372: ensure compatibily with OpenSSL < 1.0 (sk_OPENSSL_STRING_value).Follow up to r1629372 and r1629485: ensure compatibily with OpenSSL < 1.0 (sk_OPENSSL_STRING_[num|value|pop] macros).Submitted by: kbrand, ylavic, ylavicReviewed/backported by: jim
Show less
