When we instantiate a connection we simply copy the certificate over, without getting a reference count over the new certificate reference, resulting in a bogus certificate when the instance is deleted.
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au> diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c index 6e9b2f2..292b3b1 100644 --- a/programs/pluto/connections.c +++ b/programs/pluto/connections.c @@ -713,6 +713,11 @@ void unshare_connection_end_strings(struct end *e) /* do "left" */ unshare_id_content(&e->id); + if (e->cert.u.nss_cert) { + e->cert.u.nss_cert = CERT_DupCertificate(e->cert.u.nss_cert); + passert(e->cert.u.nss_cert); + } + if (e->ca.ptr != NULL) clonetochunk(e->ca, e->ca.ptr, e->ca.len, "ca string"); -- Email: Herbert Xu <herb...@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
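Review bot: the added block in unshare_connection_end_strings() takes a new reference on e->cert.u.nss_cert, but nothing at that spot says where the reference is dropped. A one-line comment naming the matching release (CERT_DestroyCertificate() on the path that frees the end) would make the pairing auditable, and it is worth confirming that every caller of this function reaches that release, since any caller that does not will now leak a reference. The function name still says "strings", so the comment should also note that it now duplicates the certificate reference. Two smaller points: "if (e->cert.u.nss_cert)" should be written "!= NULL" to match the "if (e->ca.ptr != NULL)" test directly below it, and if "u" is a union with other members, the test should first check which member is in use before reading nss_cert.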