Fix loading more than one certificate in PEM format in X509_load_cert_file_ex()

[openssl.git] / crypto / x509 / by_file.c

diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 450bbba0537b6a20adf923e0cae58254804b4f19..5073c137a20b1ca7ccd1ba1e64e716c1db79c734 100644 (file)
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -128,6 +128,17 @@ int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
                 count = 0;
                 goto err;
             }
+            /*
+             * X509_STORE_add_cert() added a reference rather than a copy,
+             * so we need a fresh X509 object.
+             */
+            X509_free(x);
+            x = X509_new_ex(libctx, propq);
+            if (x == NULL) {
+                ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB);
+                count = 0;
+                goto err;
+            }
             count++;
         }
     } else if (type == X509_FILETYPE_ASN1) {