Commit 8be2a79099e636a05ddbc2a2f923afc27ca1e019

Etienne Samson 2017-12-05T23:21:05

openssl: free the peer certificate

Per SSL_get_peer_certificate docs:

```
The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is freed. The X509 object must be explicitly freed using X509_free().
```

diff --git a/src/streams/openssl.c b/src/streams/openssl.c
index 49a551b..9d56607 100644
--- a/src/streams/openssl.c
+++ b/src/streams/openssl.c
@@ -332,7 +332,7 @@ static int check_host_name(const char *name, const char *host)
 
 static int verify_server_cert(SSL *ssl, const char *host)
 {
-	X509 *cert;
+	X509 *cert = NULL;
 	X509_NAME *peer_name;
 	ASN1_STRING *str;
 	unsigned char *peer_cn = NULL;
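Review bot: the `= NULL` initializer on `cert` at the top of `verify_server_cert` is now load-bearing and undocumented. The second hunk frees `cert` unconditionally at `cleanup:`, so any path that reaches that label before the certificate is fetched depends on this initializer (`X509_free(NULL)` is a no-op, an uninitialized pointer is not). A short comment on the declaration saying it is released in `cleanup` would keep a later refactor from dropping the initializer. `peer_name` and `str` stay uninitialized next to it, which is fine only as long as they are never released at `cleanup:`; the visible cleanup frees just `cert` and `peer_cn`.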
@@ -458,6 +458,7 @@ on_error:
 	goto cleanup;
 
 cleanup:
+	X509_free(cert);
 	OPENSSL_free(peer_cn);
 	return error;
 }
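Review bot: `X509_free(cert)` at `cleanup:` runs on both the success path and the `on_error` path (which ends in `goto cleanup`), so `cert` must not have been handed to anything that outlives the function, and if `peer_name` or `str` point into `cert` they must not be read after this label. Please confirm that no statement between the certificate fetch and `cleanup:` stores `cert` elsewhere, and consider a one-line comment here noting that the reference returned by SSL_get_peer_certificate is owned by the caller, as the commit message quotes from the docs, so the free is not removed later as redundant.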