On Fri, Mar 21, 2003, Joe Orton wrote: > On Fri, Mar 21, 2003 at 12:30:36PM +0100, Ralf S. Engelschall wrote: > > - if ((xs = SSL_get_certificate(ssl)) != NULL) > > + if ((xs = SSL_get_certificate(ssl)) != NULL) { > > result = ssl_var_lookup_ssl_cert(p, xs, var+7); > > + X509_free(xs); > > + } > > } > > That isn't safe, SSL_get_certificate doesn't increase the refcount on > the certificate (unlike SSL_peer_get_certificate).
Ops, great catch! Yes, you're right, I was not aware of this subtle difference. Will be fixed. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]