Fix previous commit - still need X509_free for peer cert.

Just not for local/my cert.

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index d98c50e1252622ce42236a1a7739ad5f719a4101..b0692a3fb8dbf0047afdab1e9d674b3f89dadbb8 100644 (file)
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -231,8 +231,6 @@ ldap_pvt_tls_init_def_ctx( void )
                        goto error_exit;
                }
 
-               SSL_CTX_set_session_id_context( tls_def_ctx,
-                       "OpenLDAP", sizeof("OpenLDAP")-1 );
                if ( tls_opt_ciphersuite &&
                        !SSL_CTX_set_cipher_list( tls_def_ctx, ciphersuite ) )
                {
@@ -916,6 +914,7 @@ ldap_pvt_tls_get_peer_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func
        
        xn = X509_get_subject_name(x);
        rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags);
+       X509_free(x);
        return rc;
 }
 
@@ -934,10 +933,12 @@ ldap_pvt_tls_get_peer_hostname( void *s )
 
        ret = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));
        if( ret == -1 ) {
+               X509_free(x);
                return NULL;
        }
 
        p = LDAP_STRDUP(buf);
+       X509_free(x);
        return p;
 }
 
@@ -1064,6 +1065,7 @@ ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
                        ret = LDAP_SUCCESS;
                }
        }
+       X509_free(x);
        return ret;
 }
 
@@ -1081,6 +1083,7 @@ ldap_pvt_tls_get_peer_issuer( void *s )
        
        xn = X509_get_issuer_name(x);
        p = LDAP_STRDUP(X509_NAME_oneline(xn, buf, sizeof(buf)));
+       X509_free(x);
        return p;
 #else
        return NULL;