fix leak of openssl X509 objects

SSL_get_peer_certificate() increments the refcount of the object.
This commit is contained in:
Oswald Buddenhagen 2019-07-28 11:46:43 +02:00
parent 8959c6b791
commit f63e4338e8

View File

@ -176,22 +176,29 @@ verify_cert_host( const server_conf_t *conf, conn_t *sock )
trusted = (STACK_OF(X509_OBJECT) *)sock->conf->trusted_certs;
for (i = 0; i < sk_X509_OBJECT_num( trusted ); i++) {
if (!X509_cmp( cert, X509_OBJECT_get0_X509( sk_X509_OBJECT_value( trusted, i ) ) ))
if (!X509_cmp( cert, X509_OBJECT_get0_X509( sk_X509_OBJECT_value( trusted, i ) ) )) {
X509_free( cert );
return 0;
}
}
err = SSL_get_verify_result( sock->ssl );
if (err != X509_V_OK) {
error( "SSL error connecting %s: %s\n", sock->name, X509_verify_cert_error_string( err ) );
X509_free( cert );
return -1;
}
if (!conf->host) {
error( "SSL error connecting %s: Neither host nor matching certificate specified\n", sock->name );
X509_free( cert );
return -1;
}
return verify_hostname( cert, conf->host );
int ret = verify_hostname( cert, conf->host );
X509_free( cert );
return ret;
}
static int