From 36f038f1041f9f31878f75b567959ceae08eb34e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Tue, 30 Jun 2015 13:58:25 +0100
Subject: [PATCH] Dup peer_chain properly in SSL_SESSION

Reviewed-by: Matt Caswell <matt@openssl.org>
---
 ssl/ssl_sess.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 03c6ac087d..9063bca415 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -268,6 +268,12 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
     if (src->peer != NULL)
         CRYPTO_add(&src->peer->references, 1, CRYPTO_LOCK_X509);
 
+    if (src->peer_chain != NULL) {
+        dest->peer_chain = X509_chain_up_ref(src->peer_chain);
+        if (dest->peer_chain == NULL)
+            goto err;
+    }
+
 #ifndef OPENSSL_NO_PSK
     if (src->psk_identity_hint) {
         dest->psk_identity_hint = BUF_strdup(src->psk_identity_hint);
-- 
2.25.1