r17490@catbus: nickm | 2008-01-07 11:48:02 -0500

Fix bug 582: decref the idcert when we add it to the store.


svn:r13052

ChangeLog

@@ -27,6 +27,8 @@ Changes in version 0.2.0.16-alpha - 2008-01-??
     - Patch from Karsten Loesing to complain less at both the client
       and the relay when a relay used to have the HSDir flag but doesn't
       anymore, and we try to upload a hidden service descriptor.
+    - Stop leaking one cert per TLS context.  Fixes bug 582.  Bugfix
+      on 0.2.0.15-alpha.
 
   o Minor features (controller):
     - Get NS events working again.  (Patch from tup)

src/common/tortls.c

@@ -550,18 +550,14 @@ tor_tls_context_new(crypto_pk_env_t *identity, const char *nickname,
     goto error;
   X509_free(cert); /* We just added a reference to cert. */
   cert=NULL;
-#if 0
-  if (idcert && !SSL_CTX_add_extra_chain_cert(result->ctx,idcert))
-    goto error;
-#else
   if (idcert) {
     X509_STORE *s = SSL_CTX_get_cert_store(result->ctx);
     tor_assert(s);
     X509_STORE_add_cert(s, idcert); /*XXXX020 This cert seems not to get
                                      * freed.  Fix that! */
+    X509_free(idcert); /* The context now owns the reference to idcert */
+    idcert = NULL;
   }
-#endif
-  idcert=NULL; /* The context now owns the reference to idcert */
   SSL_CTX_set_session_cache_mode(result->ctx, SSL_SESS_CACHE_OFF);
   tor_assert(rsa);
   if (!(pkey = _crypto_pk_env_get_evp_pkey(rsa,1)))