openssl: free the peer certificate

tiennou · tiennou · commit 8be2a79099e6 · 2017-12-16T00:07:51.000+01:00
Per SSL_get_peer_certificate docs:
```
The reference count of the X509 object is incremented by one, so that it will not be destroyed when the session containing the peer certificate is freed. The X509 object must be explicitly freed using X509_free().
```
diff --git a/src/streams/openssl.c b/src/streams/openssl.c
@@ -332,7 +332,7 @@ static int check_host_name(const char *name, const char *host)
 
 static int verify_server_cert(SSL *ssl, const char *host)
 {
-	X509 *cert;
+	X509 *cert = NULL;
 	X509_NAME *peer_name;
 	ASN1_STRING *str;
 	unsigned char *peer_cn = NULL;
@@ -458,6 +458,7 @@ static int verify_server_cert(SSL *ssl, const char *host)
 	goto cleanup;
 
 cleanup:
+	X509_free(cert);
 	OPENSSL_free(peer_cn);
 	return error;
 }

Original file line number	Diff line number	Diff line change
`@@ -332,7 +332,7 @@ static int check_host_name(const char name, const char host)`
`332`	`332`
`333`	`333`	`static int verify_server_cert(SSL ssl, const char host)`
`334`	`334`	`{`
`335`		`- X509 *cert;`
	`335`	`+ X509 *cert = NULL;`
`336`	`336`	`X509_NAME *peer_name;`
`337`	`337`	`ASN1_STRING *str;`
`338`	`338`	`unsigned char *peer_cn = NULL;`
`@@ -458,6 +458,7 @@ static int verify_server_cert(SSL ssl, const char host)`
`458`	`458`	`goto cleanup;`
`459`	`459`
`460`	`460`	`cleanup:`
	`461`	`+ X509_free(cert);`
`461`	`462`	`OPENSSL_free(peer_cn);`
`462`	`463`	`return error;`
`463`	`464`	`}`