From 0461b7ea7bd1112c4fa357545fc8a456138ed3af Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 26 Apr 2016 18:25:39 +0100
Subject: [PATCH 1/1] Don't leak X509_OBJECT in an error path

Swap the ordering of some code to avoid a leak in an error path.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 apps/s_server.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 08753c30fd..c998fcdebc 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -576,13 +576,13 @@ static int cert_status_cb(SSL *s, void *arg)
         BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
         goto done;
     }
-    req = OCSP_REQUEST_new();
-    if (req == NULL)
-        goto err;
     id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
     X509_OBJECT_free(obj);
     if (!id)
         goto err;
+    req = OCSP_REQUEST_new();
+    if (req == NULL)
+        goto err;
     if (!OCSP_request_add0_id(req, id))
         goto err;
     id = NULL;
-- 
2.34.1