CT code now calls X509_free() after calling SSL_get_peer_certificate()

Without this, the peer certificate would never be deleted, resulting in a memory leak. Reviewed-by: Emilia Käsper <emilia@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 17:23:39 +00:00 · 2016-03-07 17:23:39 +00:00 · 1cb437bedb
commit 1cb437bedb
parent 147e54a77e
1 changed files with 2 additions and 0 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -3941,6 +3941,7 @@ static int ct_extract_x509v3_extension_scts(SSL *s)
            ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);

        SCT_LIST_free(scts);
+        X509_free(cert);
    }

    return scts_extracted;
@ -4071,6 +4072,7 @@ int SSL_validate_ct(SSL *s)

 end:
    CT_POLICY_EVAL_CTX_free(ctx);
+    X509_free(cert);
    return ret;
 }