X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=openssl.c;h=4a0e23b34c91534664f69e7aa9fe73f644e79143;hp=3c264f16301c81eb134616e21b2f05918b926de2;hb=7390e59b4968fde204bffcf1576a90215a43abfe;hpb=3e7f4235d8f86a406a9fc7a8f7d4d09a0516d7ed diff --git a/openssl.c b/openssl.c index 3c264f16..4a0e23b3 100644 --- a/openssl.c +++ b/openssl.c @@ -55,7 +55,7 @@ #define CERTIFICATE_AUTHORITY_KEY "keyid:always" #define CERTIFICATE_ALT_NAME_PREFIX "DNS:" #define CERTIFICATE_VERSION 2 -#define VALID_DATETIME_FMT "%Y%m%d%H%M%SZ" +#define VALID_DATETIME_FMT "%y%m%d%H%M%SZ" #define VALID_DATETIME_BUFLEN 16 static int generate_webpage_certificate(struct client_state *csp); @@ -944,6 +944,7 @@ static void free_client_ssl_structures(struct client_state *csp) extern void close_server_ssl_connection(struct client_state *csp) { struct ssl_attr *ssl_attr = &csp->ssl_server_attr; + SSL *ssl; if (csp->ssl_with_server_is_opened == 0) { @@ -954,6 +955,20 @@ extern void close_server_ssl_connection(struct client_state *csp) * Notifying the peer that the connection is being closed. */ BIO_ssl_shutdown(ssl_attr->openssl_attr.bio); + if (BIO_get_ssl(ssl_attr->openssl_attr.bio, &ssl) != 1) + { + log_ssl_errors(LOG_LEVEL_ERROR, + "BIO_get_ssl() failed in close_server_ssl_connection()"); + } + else + { + /* + * Pretend we received a shutdown alert so + * the BIO_free_all() call later on returns + * quickly. + */ + SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN); + } free_server_ssl_structures(csp); csp->ssl_with_server_is_opened = 0; } @@ -1563,6 +1578,7 @@ static int ssl_certificate_is_invalid(const char *cert_file) { log_ssl_errors(LOG_LEVEL_ERROR, "Error checking certificate %s validity", cert_file); + ret = -1; } X509_free(cert); @@ -2163,12 +2179,14 @@ extern void ssl_release(void) { if (ssl_inited == 1) { +#ifndef OPENSSL_NO_COMP SSL_COMP_free_compression_methods(); - +#endif CONF_modules_free(); CONF_modules_unload(1); - +#ifndef OPENSSL_NO_COMP COMP_zlib_cleanup(); +#endif ERR_free_strings(); EVP_cleanup();