On Fri, Mar 21, 2003 at 12:30:36PM +0100, Ralf S. Engelschall wrote:
> - if ((xs = SSL_get_certificate(ssl)) != NULL)
> + if ((xs = SSL_get_certificate(ssl)) != NULL) {
> result = ssl_var_lookup_ssl_cert(p, xs, var+7);
> + X509_free(xs);
> + }
> }
That isn't safe, SSL_get_certificate doesn't increase the refcount on
the certificate (unlike SSL_peer_get_certificate).
Regards,
joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
