diff options
author | Bodo Möller <bodo@openssl.org> | 2000-12-15 16:40:35 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2000-12-15 16:40:35 +0000 |
commit | 3ac82faae5eb02140f347610be0726f549a0aa0a (patch) | |
tree | 66436fe17f2753bb728a1455a5d8763b6c00c5d3 /ssl/ssl_cert.c | |
parent | c08523d862276964e65d6a1de07439b9d0c2a6da (diff) | |
download | openssl-3ac82faae5eb02140f347610be0726f549a0aa0a.tar.gz |
Locking issues.
Diffstat (limited to 'ssl/ssl_cert.c')
-rw-r--r-- | ssl/ssl_cert.c | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 130bb79068..85d58c8668 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -129,15 +129,23 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void) { - static int ssl_x509_store_ctx_idx= -1; + static volatile int ssl_x509_store_ctx_idx= -1; - /* FIXME: should do locking */ if (ssl_x509_store_ctx_idx < 0) { - ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( - 0,"SSL for verify callback",NULL,NULL,NULL); + /* any write lock will do; usually this branch + * will only be taken once anyway */ + CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); + + if (ssl_x509_store_ctx_idx < 0) + { + ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( + 0,"SSL for verify callback",NULL,NULL,NULL); + } + + CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); } - return(ssl_x509_store_ctx_idx); + return ssl_x509_store_ctx_idx; } CERT *ssl_cert_new(void) @@ -452,13 +460,15 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) if (SSL_get_verify_depth(s) >= 0) X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); + /* We need to set the verify purpose. The purpose can be determined by * the context: if its a server it will verify SSL client certificates * or vice versa. - */ - - if(s->server) i = X509_PURPOSE_SSL_CLIENT; - else i = X509_PURPOSE_SSL_SERVER; + */ + if (s->server) + i = X509_PURPOSE_SSL_CLIENT; + else + i = X509_PURPOSE_SSL_SERVER; X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust); |