On Fri, Mar 21, 2003 at 12:30:36PM +0100, Ralf S. Engelschall wrote: > - if ((xs = SSL_get_certificate(ssl)) != NULL) > + if ((xs = SSL_get_certificate(ssl)) != NULL) { > result = ssl_var_lookup_ssl_cert(p, xs, var+7); > + X509_free(xs); > + } > }
That isn't safe, SSL_get_certificate doesn't increase the refcount on the certificate (unlike SSL_peer_get_certificate). Regards, joe ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]