openssl: free peer certificate after validating it
authorFelix Fietkau <nbd@openwrt.org>
Thu, 3 Apr 2014 14:53:40 +0000 (16:53 +0200)
committerFelix Fietkau <nbd@openwrt.org>
Thu, 3 Apr 2014 14:53:40 +0000 (16:53 +0200)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
ustream-openssl.c

index efae44c28dd035022a5a3d783426191455636c1d..787cc383a818644b9ce5624aa4a2c26bf05efc11 100644 (file)
@@ -220,10 +220,6 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
        X509 *cert;
        int res;
 
-       cert = SSL_get_peer_certificate(ssl);
-       if (!cert)
-               return;
-
        res = SSL_get_verify_result(ssl);
        if (res != X509_V_OK) {
                if (us->notify_verify_error)
@@ -231,8 +227,13 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
                return;
        }
 
+       cert = SSL_get_peer_certificate(ssl);
+       if (!cert)
+               return;
+
        us->valid_cert = true;
        us->valid_cn = ustream_ssl_verify_cn(us, cert);
+       X509_free(cert);
 }
 
 #endif
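Review bot: The relocated `if (!cert) return;` check ahead of `us->valid_cert = true;` now carries security weight that the code does not explain. SSL_get_verify_result() reports X509_V_OK when the peer presented no certificate at all, so this NULL check is the only thing keeping valid_cert false for a certificate-less peer. I would add a comment above it, for example `/* X509_V_OK is also returned when no peer cert was presented; require one */`, so a later cleanup does not remove it as redundant. A short comment on the new `X509_free(cert);`, noting that SSL_get_peer_certificate() hands back a reference the caller must release, would document why the free is needed. The no-certificate path also returns without calling `us->notify_verify_error`, which may be intended but is worth confirming; the start of the function is outside the hunk, so whether valid_cert and valid_cn are reset there cannot be seen.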