projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
147e54a
)
CT code now calls X509_free() after calling SSL_get_peer_certificate()
author
Rob Percival
<robpercival@google.com>
Mon, 7 Mar 2016 17:23:39 +0000
(17:23 +0000)
committer
Rich Salz
<rsalz@openssl.org>
Mon, 7 Mar 2016 19:44:04 +0000
(14:44 -0500)
Without this, the peer certificate would never be deleted, resulting in
a memory leak.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
ssl/ssl_lib.c
patch
|
blob
|
history
diff --git
a/ssl/ssl_lib.c
b/ssl/ssl_lib.c
index 40c4171dec95fcb5317aa4371af069d4acdb0492..65558e01743e550c0864712f9f29cf6ec5d4abe5 100644
(file)
--- a/
ssl/ssl_lib.c
+++ b/
ssl/ssl_lib.c
@@
-3941,6
+3941,7
@@
static int ct_extract_x509v3_extension_scts(SSL *s)
ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
SCT_LIST_free(scts);
ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
SCT_LIST_free(scts);
+ X509_free(cert);
}
return scts_extracted;
}
return scts_extracted;
@@
-4071,6
+4072,7
@@
int SSL_validate_ct(SSL *s)
end:
CT_POLICY_EVAL_CTX_free(ctx);
end:
CT_POLICY_EVAL_CTX_free(ctx);
+ X509_free(cert);
return ret;
}
return ret;
}