diff options
author | Sara Golemon <sara.golemon@mongodb.com> | 2020-02-14 16:58:01 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-02-14 23:46:59 +0000 |
commit | 98042804dff69afac74a7e2681efc0d00d207f2c (patch) | |
tree | 3e239a26a84dad148407469aaf74d0a8b3a334b5 | |
parent | cb1a4f9b3cb40f895eaa8237e749ce40f8134c8f (diff) | |
download | mongo-98042804dff69afac74a7e2681efc0d00d207f2c.tar.gz |
SERVER-46174 Free peer certificate in SSL_get0_verified_chain polyfill
-rw-r--r-- | src/mongo/util/net/ssl_manager_openssl.cpp | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp index ff5ae130e56..37f320c960b 100644 --- a/src/mongo/util/net/ssl_manager_openssl.cpp +++ b/src/mongo/util/net/ssl_manager_openssl.cpp @@ -94,6 +94,8 @@ using UniqueX509StoreCtx = std::unique_ptr<X509_STORE_CTX, OpenSSLDeleter<decltype(X509_STORE_CTX_free), ::X509_STORE_CTX_free>>; +using UniqueX509 = std::unique_ptr<X509, OpenSSLDeleter<decltype(X509_free), ::X509_free>>; + // Modulus for Diffie-Hellman parameter 'ffdhe3072' defined in RFC 7919 constexpr std::array<std::uint8_t, 384> ffdhe3072_p = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, @@ -296,11 +298,11 @@ struct VerifiedChainDeleter { STACK_OF(X509) * SSL_get0_verified_chain(SSL* s) { auto* store = SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)); - auto* peer = SSL_get_peer_certificate(s); + UniqueX509 peer(SSL_get_peer_certificate(s)); auto* peerChain = SSL_get_peer_cert_chain(s); UniqueX509StoreCtx ctx(X509_STORE_CTX_new()); - if (!X509_STORE_CTX_init(ctx.get(), store, peer, peerChain)) { + if (!X509_STORE_CTX_init(ctx.get(), store, peer.get(), peerChain)) { return nullptr; } @@ -410,8 +412,6 @@ using UniqueSSLContext = std::unique_ptr<SSL_CTX, OpenSSLDeleter<decltype(::SSL_CTX_free), ::SSL_CTX_free>>; static const int BUFFER_SIZE = 8 * 1024; -using UniqueX509 = std::unique_ptr<X509, OpenSSLDeleter<decltype(X509_free), ::X509_free>>; - class SSLManagerOpenSSL : public SSLManagerInterface { public: explicit SSLManagerOpenSSL(const SSLParams& params, bool isServer); |