From: Lee <ler762@users.sourceforge.net>
Date: Fri, 4 Aug 2023 22:08:17 +0000 (-0400)
Subject: create_client_ssl_connection(): Don't keep the certificate lock longer than necessary
X-Git-Tag: v_4_0_0~172
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/@default-cgi@toggle?a=commitdiff_plain;h=030ebb174b015574c858d5ac6da9ad4a3cb6112a;p=privoxy.git

create_client_ssl_connection(): Don't keep the certificate lock longer than necessary
---

diff --git a/openssl.c b/openssl.c
index 44e21b20..2841c125 100644
--- a/openssl.c
+++ b/openssl.c
@@ -790,17 +790,16 @@ extern int create_client_ssl_connection(struct client_state *csp)
     * certificate and key inconsistence must be locked.
     */
    privoxy_mutex_lock(&certificate_mutex);
-
    ret = generate_host_certificate(csp);
+   privoxy_mutex_unlock(&certificate_mutex);
+
    if (ret < 0)
    {
       log_error(LOG_LEVEL_ERROR,
          "generate_host_certificate failed: %d", ret);
-      privoxy_mutex_unlock(&certificate_mutex);
       ret = -1;
       goto exit;
    }
-   privoxy_mutex_unlock(&certificate_mutex);
 
    if (!(ssl_attr->openssl_attr.ctx = SSL_CTX_new(SSLv23_server_method())))
    {
diff --git a/ssl.c b/ssl.c
index afd9af45..0df73334 100644
--- a/ssl.c
+++ b/ssl.c
@@ -325,17 +325,16 @@ extern int create_client_ssl_connection(struct client_state *csp)
     * certificate and key inconsistence must be locked.
     */
    privoxy_mutex_lock(&certificate_mutex);
-
    ret = generate_host_certificate(csp);
+   privoxy_mutex_unlock(&certificate_mutex);
+
    if (ret < 0)
    {
       log_error(LOG_LEVEL_ERROR,
          "generate_host_certificate failed: %d", ret);
-      privoxy_mutex_unlock(&certificate_mutex);
       ret = -1;
       goto exit;
    }
-   privoxy_mutex_unlock(&certificate_mutex);
 
    /*
     * Seed the RNG