fix leak of openssl X509 objects
SSL_get_peer_certificate() increments the refcount of the object.
This commit is contained in:
parent
8959c6b791
commit
f63e4338e8
11
src/socket.c
11
src/socket.c
|
@ -176,22 +176,29 @@ verify_cert_host( const server_conf_t *conf, conn_t *sock )
|
|||
|
||||
trusted = (STACK_OF(X509_OBJECT) *)sock->conf->trusted_certs;
|
||||
for (i = 0; i < sk_X509_OBJECT_num( trusted ); i++) {
|
||||
if (!X509_cmp( cert, X509_OBJECT_get0_X509( sk_X509_OBJECT_value( trusted, i ) ) ))
|
||||
if (!X509_cmp( cert, X509_OBJECT_get0_X509( sk_X509_OBJECT_value( trusted, i ) ) )) {
|
||||
X509_free( cert );
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
err = SSL_get_verify_result( sock->ssl );
|
||||
if (err != X509_V_OK) {
|
||||
error( "SSL error connecting %s: %s\n", sock->name, X509_verify_cert_error_string( err ) );
|
||||
X509_free( cert );
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!conf->host) {
|
||||
error( "SSL error connecting %s: Neither host nor matching certificate specified\n", sock->name );
|
||||
X509_free( cert );
|
||||
return -1;
|
||||
}
|
||||
|
||||
return verify_hostname( cert, conf->host );
|
||||
int ret = verify_hostname( cert, conf->host );
|
||||
|
||||
X509_free( cert );
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int
|
||||
|
|
Loading…
Reference in New Issue
Block a user