ITS#6980 free the result of SSL_PeerCertificate

In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate.  This value is allocated and/or cached.  We must
destroy it using CERT_DestroyCertificate.
Rich Megginson 2011-06-29 10:47:10 -06:00 committed by Howard Chu
parent 7ee3dee647
commit d944920fd3


@ -1030,10 +1030,12 @@ tlsm_auth_cert_handler(void *arg, PRFileDesc *fd,
{
SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
SECStatus ret = SECSuccess;
CERTCertificate *peercert = SSL_PeerCertificate( fd );
ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, peercert,
SSL_RevealPinArg( fd ),
checksig, certUsage, 0 );
CERT_DestroyCertificate( peercert );
return ret;
}
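Review bot: `peercert` is handed to `tlsm_verify_cert` without a NULL check, and `SSL_PeerCertificate` returns NULL when no peer certificate is available on the socket. Whether `tlsm_verify_cert` rejects a NULL certificate is not visible in this hunk, so the handler should fail closed itself by adding `if ( peercert == NULL ) return SECFailure;` right after the `SSL_PeerCertificate( fd )` call. A short comment above the release, such as `/* SSL_PeerCertificate returns a reference we own; release it */`, would also keep a later cleanup from dropping the `CERT_DestroyCertificate` call and reintroducing the leak. The function's signature begins outside the hunk.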