From 904500fd9f62ee1f30a9134d197e77ee5c6a1e72 Mon Sep 17 00:00:00 2001
From: Roman Rybalko
Date: Fri, 26 Dec 2014 21:06:51 +0300
Subject: [PATCH] tls_in_peerdn/tls_in_peercert fix for OpenSSL

---
 src/src/tls-openssl.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 18994eaa93..6cef573853 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -277,7 +277,12 @@ verify_callback(int state, X509_STORE_CTX *x509ctx,
 X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
 static uschar txt[256];
 
+if (tlsp->peercert)
+  X509_free(tlsp->peercert);
+tlsp->peercert = X509_dup(cert);
+
 X509_NAME_oneline(X509_get_subject_name(cert), CS txt, sizeof(txt));
+tlsp->peerdn = txt;
 
 if (state == 0)
   {
@@ -289,7 +294,6 @@ if (state == 0)
   *calledp = TRUE;
   if (!*optionalp)
     {
-    tlsp->peercert = X509_dup(cert);
     return 0;      /* reject */
     }
   DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
@@ -318,9 +322,6 @@ else
   uschar * verify_cert_hostnames;
 #endif
 
-  tlsp->peerdn = txt;
-  tlsp->peercert = X509_dup(cert);
-
 #ifdef EXPERIMENTAL_CERTNAMES
   if (  tlsp == &tls_out
      && ((verify_cert_hostnames = client_static_cbinfo->verify_cert_hostnames)))
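Review bot: The `X509_dup(cert)` result in the first hunk is stored without a check, so on allocation failure `tlsp->peercert` is left NULL while `tlsp->peerdn` still points at the subject text, and since NULL is also the "no certificate" state a reader of tls_in_peercert cannot tell the two apart. Because verify_callback is invoked once per chain element, the now-unconditional free-and-replace means peercert/peerdn describe whichever certificate was examined last, presumably the leaf on success and the failing chain certificate when verification is rejected, which is worth stating above the new lines: `/* Called once per chain element: keep the cert examined last, so peercert/peerdn refer to the leaf on success and to the failing cert on rejection. */`. The free-before-dup also assumes every earlier assignment to tlsp->peercert was an owned X509_dup copy; that holds for the assignments the two later hunks remove, but should be confirmed for any other writer of the field. verify_callback begins before this hunk and its body continues past it.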