Avoids modifying certificate reference count, and thereby avoids locking.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
static int ct_extract_x509v3_extension_scts(SSL *s)
{
int scts_extracted = 0;
- X509 *cert = SSL_get_peer_certificate(s);
+ X509 *cert = s->session != NULL ? s->session->peer : NULL;
if (cert != NULL) {
STACK_OF(SCT) *scts =
ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
SCT_LIST_free(scts);
- X509_free(cert);
}
return scts_extracted;
int ssl_validate_ct(SSL *s)
{
int ret = 0;
- X509 *cert = SSL_get_peer_certificate(s);
+ X509 *cert = s->session != NULL ? s->session->peer : NULL;
X509 *issuer = NULL;
CT_POLICY_EVAL_CTX *ctx = NULL;
const STACK_OF(SCT) *scts;
end:
CT_POLICY_EVAL_CTX_free(ctx);
- X509_free(cert);
return ret;
}
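Review bot: `cert` in both `ct_extract_x509v3_extension_scts` and `ssl_validate_ct` is now a borrowed pointer that stays valid only while `s->session` keeps its `peer`, and nothing on the new lines records that. I would add a comment above each assignment such as `/* Borrowed from s->session: no X509_free(), and must not outlive the session's peer. */`, so that a later edit neither reintroduces the free (a double free) nor stores the pointer somewhere longer-lived (a use-after-free). The middle of both functions is not shown here, so I cannot confirm how `cert` is used in between. If it is handed to the policy evaluation context or to any other object that keeps it beyond the call, that holder needs its own reference. The identical expression `s->session != NULL ? s->session->peer : NULL` appears twice, and a small `static` helper would keep the ownership rule in one place.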