Avoid closing the certificate file twice. Tweak make-chained-cert.sh script to

generate long-lasting certificates no matter the system defaults. git-svn-id: https://shellinabox.googlecode.com/svn/trunk@91 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-03-29 22:20:59 +00:00 · 2009-03-29 22:20:59 +00:00 · 3edcc43298
commit 3edcc43298
parent 1ea698ad72
5 changed files with 7 additions and 6 deletions
--- a/config.h
+++ b/config.h
@ -95,7 +95,7 @@
 #define STDC_HEADERS 1

 /* Most recent revision number in the version control system */
-#define VCS_REVISION "90"
+#define VCS_REVISION "91"

 /* Version number of package */
 #define VERSION "2.5"
--- a/2
+++ b/2
@ -2055,7 +2055,7 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
 ac_compiler_gnu=$ac_cv_c_compiler_gnu


-VCS_REVISION=90
+VCS_REVISION=91


 cat >>confdefs.h <<_ACEOF
--- a/configure.ac
+++ b/configure.ac
@ -2,7 +2,7 @@ AC_PREREQ(2.57)

 dnl This is the one location where the authoritative version number is stored
 AC_INIT(shellinabox, 2.5, markus@shellinabox.com)
-VCS_REVISION=90
+VCS_REVISION=91
 AC_SUBST(VCS_REVISION)
 AC_DEFINE_UNQUOTED(VCS_REVISION, "${VCS_REVISION}",
                   [Most recent revision number in the version control system])
--- a/libhttp/ssl.c
+++ b/libhttp/ssl.c
@ -492,7 +492,6 @@ static int sslSetCertificateFromFile(SSL_CTX *context,
    return -1;
  }
  int rc = sslSetCertificateFromFd(context, fd);
-  NOINTR(close(fd));
  return rc;
 }
 #endif
@ -664,10 +663,12 @@ static char *sslFdToFilename(int fd) {
 void sslSetCertificateFd(struct SSLSupport *ssl, int fd) {
 #ifdef HAVE_OPENSSL
  check(ssl->sslContext = SSL_CTX_new(SSLv23_server_method()));
+  char *filename = sslFdToFilename(fd);
  if (!sslSetCertificateFromFd(ssl->sslContext, fd)) {
    fatal("Cannot read valid certificate from %s. Check file format.",
-          sslFdToFilename(fd));
+          filename);
  }
+  free(filename);
  ssl->generateMissing  = 0;
 #endif
 }
--- a/make-chained-cert.sh
+++ b/make-chained-cert.sh
@ -18,7 +18,7 @@ openssl req -nodes -new -keyout /dev/stdout                                   \
            2>/dev/null | cat

 openssl ca -batch -keyfile "${tmp}/ca-key.pem" -cert "${tmp}/ca-cert.crt"     \
-           -notext -policy policy_anything -out /dev/stdout                   \
+           -notext -policy policy_anything -days 7300 -out /dev/stdout        \
           -infiles "${tmp}/ssl-req.pem" 2>/dev/null | cat
 cat "${tmp}/ca-cert.crt"