From: Lee Date: Fri, 4 Aug 2023 22:08:17 +0000 (-0400) Subject: create_client_ssl_connection(): Don't keep the certificate lock longer than necessary X-Git-Tag: v_4_0_0~172 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/developer-manual/man-page/static/%3C?a=commitdiff_plain;h=030ebb174b015574c858d5ac6da9ad4a3cb6112a;p=privoxy.git create_client_ssl_connection(): Don't keep the certificate lock longer than necessary --- diff --git a/openssl.c b/openssl.c index 44e21b20..2841c125 100644 --- a/openssl.c +++ b/openssl.c @@ -790,17 +790,16 @@ extern int create_client_ssl_connection(struct client_state *csp) * certificate and key inconsistence must be locked. */ privoxy_mutex_lock(&certificate_mutex); - ret = generate_host_certificate(csp); + privoxy_mutex_unlock(&certificate_mutex); + if (ret < 0) { log_error(LOG_LEVEL_ERROR, "generate_host_certificate failed: %d", ret); - privoxy_mutex_unlock(&certificate_mutex); ret = -1; goto exit; } - privoxy_mutex_unlock(&certificate_mutex); if (!(ssl_attr->openssl_attr.ctx = SSL_CTX_new(SSLv23_server_method()))) { diff --git a/ssl.c b/ssl.c index afd9af45..0df73334 100644 --- a/ssl.c +++ b/ssl.c @@ -325,17 +325,16 @@ extern int create_client_ssl_connection(struct client_state *csp) * certificate and key inconsistence must be locked. */ privoxy_mutex_lock(&certificate_mutex); - ret = generate_host_certificate(csp); + privoxy_mutex_unlock(&certificate_mutex); + if (ret < 0) { log_error(LOG_LEVEL_ERROR, "generate_host_certificate failed: %d", ret); - privoxy_mutex_unlock(&certificate_mutex); ret = -1; goto exit; } - privoxy_mutex_unlock(&certificate_mutex); /* * Seed the RNG