| -rw-r--r-- | ci/travis.sh | 12 | ||||
| -rw-r--r-- | program/src/cert_session.cpp | 18 |
2 files changed, 20 insertions, 10 deletions
diff --git a/ci/travis.sh b/ci/travis.sh
index 79a796c..36b02a6 100644
--- a/ci/travis.sh
+++ b/ci/travis.sh
@@ -7,12 +7,12 @@ chmod +x ci/get-nprocessors.sh
 # if possible, ask for the precise number of processors,
 # otherwise take 2 processors as reasonable default; see
 # https://docs.travis-ci.com/user/speeding-up-the-build/#Makefile-optimization
-if [ -x /usr/bin/getconf ]; then
- NPROCESSORS=$(/usr/bin/getconf _NPROCESSORS_ONLN)
-else
- NPROCESSORS=2
-fi
-
+#if [ -x /usr/bin/getconf ]; then
+# NPROCESSORS=$(/usr/bin/getconf _NPROCESSORS_ONLN)
+#else
+# NPROCESSORS=2
+#fi
+NPROCESSORS=1
 # as of 2017-09-04 Travis CI reports 32 processors, but GCC build
 # crashes if parallelized too much (maybe memory consumption problem),
 # so limit to 4 processors for the time being.
diff --git a/program/src/cert_session.cpp b/program/src/cert_session.cpp
index dfcf803..d2bd30a 100644
--- a/program/src/cert_session.cpp
+++ b/program/src/cert_session.cpp
@@ -862,7 +862,7 @@ int X509_hsm_sign(X509* x509, unsigned long mech, CK_SESSION_HANDLE session)
 CK_OBJECT_HANDLE hObject = 0;
 #ifdef SOHT_HSM_ENABLE
- mech = CKM_CERTEX_GOSTR3410_2001;
+ mech = CKM_SHA256_RSA_PKCS;
 xret = soft_find_object(session, CKO_PRIVATE_KEY, &hObject);
 #else
 xret = x509_find_object(session, &hObject);
@@ -1039,8 +1039,6 @@ X509 *ssl_x509_forge(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, in
 return crt;
 errout:
 X509_free(crt);
- if(key)
- EVP_PKEY_free(key);
 err:
 return NULL;
 }
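Review bot: The retained comment directly below `NPROCESSORS=1` still says the build is limited to 4 processors, and the getconf probe is left behind as commented-out code, so the script no longer explains why it builds single-threaded. Delete the dead block and replace it with a one-line reason, e.g. `# force a serial build: <reason>`, and update or drop the stale "limit to 4" comment. If a later line outside this hunk still caps the value at 4, that cap is now dead code as well.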
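Review bot: In X509_hsm_sign the `mech` argument is overwritten unconditionally under `SOHT_HSM_ENABLE`, so the signing mechanism a caller passes is silently ignored and this path always signs with `CKM_SHA256_RSA_PKCS`, whatever type of private key `soft_find_object` returns. Either honor the caller's value or document the override at the assignment, e.g. `/* soft HSM holds an RSA key; the caller's mech is ignored here */`. The macro spelling `SOHT_HSM_ENABLE` on the context line may be a typo for SOFT; if the build defines a differently spelled macro, this branch is never compiled. The function body starts and ends outside the hunk.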
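Review bot: After this change the `errout:` path in ssl_x509_forge releases only `crt`, so if `key` is created inside this function (its declaration is outside the hunk), every failure after that point leaks an EVP_PKEY holding private key material. If the free was removed because ownership of `key` moved elsewhere or it was being released twice, record that at the label, e.g. `/* key is released by <owner>; do not free here */`. Otherwise keep `EVP_PKEY_free(key);`, which accepts NULL and does not need the `if`.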
@@ -1537,8 +1535,11 @@ static int redis_clnt_pdu_send(struct tfe_http_request *request)
 char *sign = NULL, pkey[SG_DATA_SIZE] = {0};
 uint64_t expire_time = x509_online_append(&thread->def, request, &sign, pkey, &stack_ca);
- if (sign == NULL && pkey[0] == '\0')
+ if (sign == NULL || pkey[0] == '\0')
 {
+ if (request->origin)
+ X509_free(request->origin);
+ request_destroy(request);
 mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to sign certificate");
 evhttp_socket_send_error(request->evh_req, HTTP_NOTFOUND);
 return xret;
@@ -1902,6 +1903,7 @@ void http_get_cb(struct evhttp_request *evh_req, void *arg)
 {
 if (xret == -2)
 {
+ request_destroy(request);
 evhttp_send_reply(evh_req, 200, "OK", NULL);
 goto finish;
 }
@@ -2277,6 +2279,14 @@ void sigproc(int __attribute__((__unused__))sig)
 for (tid = 0; tid < g_certstore_policy->thread_nu; tid++)
 {
 thread = threads + tid;
+
+ struct x509_object_ctx *def = &thread->def;
+
+ if(def->root) X509_free(def->root);
+ if(def->key) EVP_PKEY_free(def->key);
+ if(def->insec_root) X509_free(def->insec_root);
+ if(def->insec_key) EVP_PKEY_free(def->insec_key);
+
 if (thread->sync)
 {
 redisAsyncDisconnect(thread->cl_ctx); |
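Review bot: In redis_clnt_pdu_send the new error branch calls `request_destroy(request)` and then still reads `request->evh_req` in `evhttp_socket_send_error(...)`; if request_destroy releases the request (its body is not visible here), that is a use-after-free on the failure path. Capture the handle first with `struct evhttp_request *evh_req = request->evh_req;` and reply with `evhttp_socket_send_error(evh_req, HTTP_NOTFOUND);`, or move the cleanup below the reply. Also confirm that request_destroy does not itself release `request->origin`, otherwise the explicit `X509_free(request->origin)` frees it twice. The http_get_cb hunk adds the same call before `goto finish;`; the `finish:` label lies outside that hunk, so check that nothing after it touches `request`.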
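Review bot: In sigproc the added `X509_free`/`EVP_PKEY_free` calls run inside a signal handler and release each thread's CA certificate and key before `redisAsyncDisconnect(thread->cl_ctx)` has even been requested. Neither call is async-signal-safe, and nothing visible here shows the worker threads have stopped, so a request still being signed could use `def->root` or `def->key` after it is freed. Prefer having the handler only set a shutdown flag and doing this teardown once the threads have exited. If it stays here, clear each pointer after freeing it, e.g. `def->key = NULL;`; the `if(...)` guards are unnecessary because both free functions accept NULL. The loop body continues outside the hunk.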
