summaryrefslogtreecommitdiffstats
path: root/src/ssl_ckch.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:19:41 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:19:41 +0000
commit38e50ba7714674bd75f8cff1ff428e8e47d20d08 (patch)
tree450b96fe88476549cc8779243daab748777e1754 /src/ssl_ckch.c
parentAdding debian version 2.9.5-1. (diff)
downloadhaproxy-38e50ba7714674bd75f8cff1ff428e8e47d20d08.tar.xz
haproxy-38e50ba7714674bd75f8cff1ff428e8e47d20d08.zip
Merging upstream version 2.9.6.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/ssl_ckch.c')
-rw-r--r--src/ssl_ckch.c23
1 files changed, 2 insertions, 21 deletions
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index ab39755..afe6ff6 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -721,27 +721,8 @@ void ssl_sock_free_cert_key_and_chain_contents(struct ckch_data *data)
X509_free(data->ocsp_issuer);
data->ocsp_issuer = NULL;
-
- /* We need to properly remove the reference to the corresponding
- * certificate_ocsp structure if it exists (which it should).
- */
-#if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
- if (data->ocsp_cid) {
- struct certificate_ocsp *ocsp = NULL;
- unsigned char certid[OCSP_MAX_CERTID_ASN1_LENGTH] = {};
- unsigned int certid_length = 0;
-
- if (ssl_ocsp_build_response_key(data->ocsp_cid, (unsigned char*)certid, &certid_length) >= 0) {
- HA_SPIN_LOCK(OCSP_LOCK, &ocsp_tree_lock);
- ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, certid, OCSP_MAX_CERTID_ASN1_LENGTH);
- HA_SPIN_UNLOCK(OCSP_LOCK, &ocsp_tree_lock);
- ssl_sock_free_ocsp(ocsp);
- }
-
- OCSP_CERTID_free(data->ocsp_cid);
- data->ocsp_cid = NULL;
- }
-#endif
+ OCSP_CERTID_free(data->ocsp_cid);
+ data->ocsp_cid = NULL;
}
/*