From: Kurt Roeckx <kurt@roeckx.be>
Date: Tue, 24 Nov 2015 20:53:40 +0000 (+0100)
Subject: Set reference count earlier
X-Git-Tag: OpenSSL_1_0_1q~12
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=0b5f9ce37bd0e4030faf6af9e1b6356693239576;p=oweals%2Fopenssl.git

Set reference count earlier

Backport of 0e04674e964b905e67e3d215bcf888932c92765f

Reviewed-by: Steve Henson <steve@openssl.org>

RT #4047, #4110, MR #1356
---

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 5df2413f71..9a4e104149 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -206,6 +206,7 @@ CERT *ssl_cert_dup(CERT *cert)
 
     memset(ret, 0, sizeof(CERT));
 
+    ret->references = 1;
     ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
     /*
      * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
@@ -282,7 +283,6 @@ CERT *ssl_cert_dup(CERT *cert)
      * chain is held inside SSL_CTX
      */
 
-    ret->references = 1;
     /*
      * Set digests to defaults. NB: we don't copy existing values as they
      * will be set during handshake.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9cfeaf33ae..93d1cbe438 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -307,6 +307,7 @@ SSL *SSL_new(SSL_CTX *ctx)
     s->options = ctx->options;
     s->mode = ctx->mode;
     s->max_cert_list = ctx->max_cert_list;
+    s->references = 1;
 
     if (ctx->cert != NULL) {
         /*
@@ -375,7 +376,6 @@ SSL *SSL_new(SSL_CTX *ctx)
     if (!s->method->ssl_new(s))
         goto err;
 
-    s->references = 1;
     s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
 
     SSL_clear(s);