openssl: free peer certificate after validating it

author Felix Fietkau <nbd@openwrt.org>

Thu, 3 Apr 2014 14:53:40 +0000 (16:53 +0200)

committer Felix Fietkau <nbd@openwrt.org>

Thu, 3 Apr 2014 14:53:40 +0000 (16:53 +0200)
author Felix Fietkau <nbd@openwrt.org>
Thu, 3 Apr 2014 14:53:40 +0000 (16:53 +0200)
committer Felix Fietkau <nbd@openwrt.org>
Thu, 3 Apr 2014 14:53:40 +0000 (16:53 +0200)
diff --git a/ustream-openssl.c b/ustream-openssl.c

index efae44c28dd035022a5a3d783426191455636c1d..787cc383a818644b9ce5624aa4a2c26bf05efc11 100644 (file)
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -220,10 +220,6 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
         X509 *cert;
         int res;
  
-       cert = SSL_get_peer_certificate(ssl);
-       if (!cert)
-               return;
-
         res = SSL_get_verify_result(ssl);
         if (res != X509_V_OK) {
                 if (us->notify_verify_error)
@@ -231,8 +227,13 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
                 return;
         }
  
+       cert = SSL_get_peer_certificate(ssl);
+       if (!cert)
+               return;
+
         us->valid_cert = true;
         us->valid_cn = ustream_ssl_verify_cn(us, cert);
+       X509_free(cert);
  }
  
  #endif
author	Felix Fietkau <nbd@openwrt.org>
	Thu, 3 Apr 2014 14:53:40 +0000 (16:53 +0200)
committer	Felix Fietkau <nbd@openwrt.org>
	Thu, 3 Apr 2014 14:53:40 +0000 (16:53 +0200)