diff options
author | Sara Golemon <sara.golemon@mongodb.com> | 2020-02-14 16:58:01 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-02-15 03:50:40 +0000 |
commit | 24b02a2342f59e9f6f3d5ad775252d48a2731d7b (patch) | |
tree | 1eee0809b681fe047573f38daf8fb7bd6a1e5783 | |
parent | a0e45571da2175ac30c715b20c1d630ef4b1d0e1 (diff) | |
download | mongo-24b02a2342f59e9f6f3d5ad775252d48a2731d7b.tar.gz |
SERVER-46174 Free peer certificate in SSL_get0_verified_chain polyfill
(cherry picked from commit 98042804dff69afac74a7e2681efc0d00d207f2c)
-rw-r--r-- | src/mongo/util/net/ssl_manager.cpp | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp index 3ad394a05f1..e28a1355ebb 100644 --- a/src/mongo/util/net/ssl_manager.cpp +++ b/src/mongo/util/net/ssl_manager.cpp @@ -291,13 +291,22 @@ struct VerifiedChainDeleter { } }; +struct UniqueX509Deleter { + void operator()(X509* cert) { + if (cert) { + X509_free(cert); + } + } +}; +using UniqueX509 = std::unique_ptr<X509, UniqueX509Deleter>; + STACK_OF(X509) * SSL_get0_verified_chain(SSL* s) { auto* store = SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)); - auto* peer = SSL_get_peer_certificate(s); + UniqueX509 peer(SSL_get_peer_certificate(s)); auto* peerChain = SSL_get_peer_cert_chain(s); UniqueX509StoreCtx ctx(X509_STORE_CTX_new()); - if (!X509_STORE_CTX_init(ctx.get(), store, peer, peerChain)) { + if (!X509_STORE_CTX_init(ctx.get(), store, peer.get(), peerChain)) { return nullptr; } |