Bug 1318561 - Free CA name list, r=ttaubert

Differential Revision: https://nss-review.dev.mozaws.net/D79

3 files changed, 11 insertions, 0 deletions

diff --git a/gtests/common/scoped_ptrs.h b/gtests/common/scoped_ptrs.h
index dd609feb6..9a93e78c3 100644
--- a/gtests/common/scoped_ptrs.h
+++ b/gtests/common/scoped_ptrs.h
@@ -19,6 +19,9 @@ struct ScopedDelete {
   void operator()(CERTCertificateList* list) {
     CERT_DestroyCertificateList(list);
   }
+  void operator()(CERTCertList* list) {
+    CERT_DestroyCertList(list);
+  }
   void operator()(CERTSubjectPublicKeyInfo* spki) {
     SECKEY_DestroySubjectPublicKeyInfo(spki);
   }
@@ -44,6 +47,7 @@ struct ScopedMaybeDelete {
 
 SCOPED(CERTCertificate);
 SCOPED(CERTCertificateList);
+SCOPED(CERTCertList);
 SCOPED(CERTSubjectPublicKeyInfo);
 SCOPED(PK11SlotInfo);
 SCOPED(PK11SymKey);
diff --git a/gtests/ssl_gtest/tls_agent.cc b/gtests/ssl_gtest/tls_agent.cc
index 703e211ab..4ba2ad24b 100644
--- a/gtests/ssl_gtest/tls_agent.cc
+++ b/gtests/ssl_gtest/tls_agent.cc
@@ -150,6 +150,10 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) {
     rv = SSL_SNISocketConfigHook(ssl_fd_, SniHook, this);
     EXPECT_EQ(SECSuccess, rv);
     if (rv != SECSuccess) return false;
+
+    ScopedCERTCertList anchors(CERT_NewCertList());
+    rv = SSL_SetTrustAnchors(ssl_fd_, anchors.get());
+    if (rv != SECSuccess) return false;
   } else {
     rv = SSL_SetURL(ssl_fd_, "server");
     EXPECT_EQ(SECSuccess, rv);
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 1001fb165..b334607a4 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -13195,6 +13195,9 @@ ssl3_DestroySSL3Info(sslSocket *ss)
         CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
         ss->ssl3.clientCertChain = NULL;
     }
+    if (ss->ssl3.ca_list) {
+        CERT_FreeDistNames(ss->ssl3.ca_list);
+    }
 
     /* clean up handshake */
     if (ss->ssl3.hs.md5) {