diff options
author | Felix Fietkau <nbd@openwrt.org> | 2014-04-03 16:53:40 +0200 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2014-04-03 16:53:40 +0200 |
commit | 67aeda4a4207f6ae0bc2efad93f25fd4bc74acb6 (patch) | |
tree | 89256e93dd729aa3aff45fd9cbeef7c59432fca7 | |
parent | fc0b5ec804ee43c532978dd04ab0509c34baefb0 (diff) | |
download | ustream-ssl-67aeda4a4207f6ae0bc2efad93f25fd4bc74acb6.tar.gz |
openssl: free peer certificate after validating it
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
-rw-r--r-- | ustream-openssl.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/ustream-openssl.c b/ustream-openssl.c index efae44c..787cc38 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -220,10 +220,6 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us) X509 *cert; int res; - cert = SSL_get_peer_certificate(ssl); - if (!cert) - return; - res = SSL_get_verify_result(ssl); if (res != X509_V_OK) { if (us->notify_verify_error) @@ -231,8 +227,13 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us) return; } + cert = SSL_get_peer_certificate(ssl); + if (!cert) + return; + us->valid_cert = true; us->valid_cn = ustream_ssl_verify_cn(us, cert); + X509_free(cert); } #endif |