From 98042804dff69afac74a7e2681efc0d00d207f2c Mon Sep 17 00:00:00 2001
From: Sara Golemon
Date: Fri, 14 Feb 2020 16:58:01 +0000
Subject: SERVER-46174 Free peer certificate in SSL_get0_verified_chain polyfill
---
 src/mongo/util/net/ssl_manager_openssl.cpp | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/mongo/util/net/ssl_manager_openssl.cpp b/src/mongo/util/net/ssl_manager_openssl.cpp
index ff5ae130e56..37f320c960b 100644
--- a/src/mongo/util/net/ssl_manager_openssl.cpp
+++ b/src/mongo/util/net/ssl_manager_openssl.cpp
@@ -94,6 +94,8 @@ using UniqueX509StoreCtx = std::unique_ptr>;
+using UniqueX509 = std::unique_ptr>;
+
 // Modulus for Diffie-Hellman parameter 'ffdhe3072' defined in RFC 7919
 constexpr std::array ffdhe3072_p = {
 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A,
@@ -296,11 +298,11 @@ struct VerifiedChainDeleter {
 STACK_OF(X509) * SSL_get0_verified_chain(SSL* s) {
 auto* store = SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s));
- auto* peer = SSL_get_peer_certificate(s);
+ UniqueX509 peer(SSL_get_peer_certificate(s));
 auto* peerChain = SSL_get_peer_cert_chain(s);
 UniqueX509StoreCtx ctx(X509_STORE_CTX_new());
- if (!X509_STORE_CTX_init(ctx.get(), store, peer, peerChain)) {
+ if (!X509_STORE_CTX_init(ctx.get(), store, peer.get(), peerChain)) {
 return nullptr;
 }
@@ -410,8 +412,6 @@ using UniqueSSLContext = std::unique_ptr>;
 static const int BUFFER_SIZE = 8 * 1024;
-using UniqueX509 = std::unique_ptr>;
-
 class SSLManagerOpenSSL : public SSLManagerInterface {
 public:
 explicit SSLManagerOpenSSL(const SSLParams& params, bool isServer);
--
cgit v1.2.1
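Review bot: In the `@@ -296,11 +298,11 @@` hunk, `peer` is now an owning `UniqueX509` while `peerChain` on the next line stays a raw pointer, and nothing at the site says why the two are treated differently. SSL_get_peer_certificate() hands back a reference the caller must release with X509_free(), whereas SSL_get_peer_cert_chain() returns a stack still owned by the SSL object, so wrapping `peerChain` the same way later would free it twice; a comment such as `// peer is a new reference we must free; peerChain is borrowed from the SSL object and must not be freed` would record that. `peer` is also null when the remote side presented no certificate, and an explicit `if (!peer) return nullptr;` before `X509_STORE_CTX_init` would make that case visible instead of leaving it to the verification call. The rest of the function lies outside the hunk, so how a null `peer` is handled further down cannot be confirmed from here.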