andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Correctly delete SelfSignedCertificate once done with it.

Browse Source 
Motivation:

In OpenSsl init code we create a SelfSignedCertificate which we not explicitly delete. This can lead to have the deletion delayed.

Modifications:

Delete the SelfSignedCertificate once done with it.

Result:

Fixes [#6716]
This commit is contained in:
Norman Maurer 2017-05-08 19:57:26 +02:00
parent 63f5cdb0d5
commit ec935c5a7b
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
handler/src/main/java/io/netty/handler/ssl/OpenSsl.java
View File

@ -122,6 +122,7 @@ public final class OpenSsl {
final long sslCtx = SSLContext.make(SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER); final long sslCtx = SSLContext.make(SSL.SSL_PROTOCOL_ALL, SSL.SSL_MODE_SERVER);
long privateKeyBio = 0; long privateKeyBio = 0;
long certBio = 0; long certBio = 0;
SelfSignedCertificate cert = null;
try { try {
SSLContext.setCipherSuite(sslCtx, "ALL"); SSLContext.setCipherSuite(sslCtx, "ALL");
final long ssl = SSL.newSSL(sslCtx, true); final long ssl = SSL.newSSL(sslCtx, true);
@ -140,7 +141,7 @@ public final class OpenSsl {
logger.debug("Hostname Verification not supported."); logger.debug("Hostname Verification not supported.");
} }
try { try {
SelfSignedCertificate cert = new SelfSignedCertificate(); cert = new SelfSignedCertificate();
certBio = ReferenceCountedOpenSslContext.toBIO(cert.cert()); certBio = ReferenceCountedOpenSslContext.toBIO(cert.cert());
SSL.setCertificateChainBio(ssl, certBio, false); SSL.setCertificateChainBio(ssl, certBio, false);
supportsKeyManagerFactory = true; supportsKeyManagerFactory = true;
@ -166,6 +167,9 @@ public final class OpenSsl {
if (certBio != 0) { if (certBio != 0) {
SSL.freeBIO(certBio); SSL.freeBIO(certBio);
} }
if (cert != null) {
cert.delete();
}
} }
} finally { } finally {
SSLContext.free(sslCtx); SSLContext.free(sslCtx);