diff options
author | Steffan Karger | 2017-03-09 09:13:32 +0100 |
---|---|---|
committer | Gert Doering | 2017-03-15 20:45:06 +0100 |
commit | fd0361813cd3d5a55f3408a018e2ed776d79fef6 (patch) | |
tree | 825a74ade9cb0b259d287d9cd44dc66040679db0 /src/openvpn/ssl_verify.c | |
parent | 33e1a869fc6edb6bce5816b11dbecfaca57b20d4 (diff) | |
download | openvpn-fd0361813cd3d5a55f3408a018e2ed776d79fef6.zip openvpn-fd0361813cd3d5a55f3408a018e2ed776d79fef6.tar.gz |
Remove duplicate X509 env variables
Commit 13b585e8 added support for multiple X509 env variables with the
same name, but as a side effect caused these variables to pile up for
each renegotiation. The old code would simply overwrite the old variables
(as long as an equally-long chain was used for the new session).
To stop the variables from piling up, this commit removes any old X509
env variables if we start negotiating a new TLS session.
Trac: #854
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1489047212-31994-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14237.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/ssl_verify.c')
-rw-r--r-- | src/openvpn/ssl_verify.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index 9f12ab8..a6e9be3 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -1486,4 +1486,21 @@ verify_final_auth_checks(struct tls_multi *multi, struct tls_session *session) gc_free(&gc); } } + +void +tls_x509_clear_env(struct env_set *es) +{ + struct env_item *item = es->list; + while (item) + { + struct env_item *next = item->next; + if (item->string + && 0 == strncmp("X509_", item->string, strlen("X509_"))) + { + env_set_del(es, item->string); + } + item = next; + } +} + #endif /* ENABLE_CRYPTO */ |