• Davi Arnaut's avatar
    Bug#42158: leak: SSL_get_peer_certificate() doesn't have matching X509_free() · 981ff94d
    Davi Arnaut authored
    The problem is that the server failed to follow the rule that
    every X509 object retrieved using SSL_get_peer_certificate()
    must be explicitly freed by X509_free(). This caused a memory
    leak for builds linked against OpenSSL where the X509 object
    is reference counted -- improper counting will prevent the
    object from being destroyed once the session containing the
    peer certificate is freed.
    
    The solution is to explicitly free every X509 object used.
    981ff94d
openssl_1.test 8.67 KB