}
certstart = certbytes;
- x = d2i_X509(NULL, (const unsigned char **)&certbytes, cert_len);
+ x = X509_new_with_libctx(s->ctx->libctx, s->ctx->propq);
if (x == NULL) {
+ SSLfatal(s, SSL_AD_DECODE_ERROR,
+ SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ SSLerr(0, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (d2i_X509(&x, (const unsigned char **)&certbytes,
+ cert_len) == NULL) {
SSLfatal(s, SSL_AD_BAD_CERTIFICATE,
SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
goto err;
}
+
if (certbytes != (certstart + cert_len)) {
SSLfatal(s, SSL_AD_DECODE_ERROR,
SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,