From: Howard Chu <hyc@openldap.org>
Date: Wed, 4 Sep 2002 02:28:42 +0000 (+0000)
Subject: Fix previous commit - still need X509_free for peer cert.
X-Git-Tag: NO_SLAP_OP_BLOCKS~1027
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=f83d30a727f29165d6337fe1630ff07418859dcd;p=openldap

Fix previous commit - still need X509_free for peer cert.
Just not for local/my cert.
---

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index d98c50e125..b0692a3fb8 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -231,8 +231,6 @@ ldap_pvt_tls_init_def_ctx( void )
 			goto error_exit;
 		}
 
-		SSL_CTX_set_session_id_context( tls_def_ctx,
-			"OpenLDAP", sizeof("OpenLDAP")-1 );
 		if ( tls_opt_ciphersuite &&
 			!SSL_CTX_set_cipher_list( tls_def_ctx, ciphersuite ) )
 		{
@@ -916,6 +914,7 @@ ldap_pvt_tls_get_peer_dn( void *s, struct berval *dn, LDAPDN_rewrite_dummy *func
 	
 	xn = X509_get_subject_name(x);
 	rc = ldap_X509dn2bv(xn, dn, (LDAPDN_rewrite_func *)func, flags);
+	X509_free(x);
 	return rc;
 }
 
@@ -934,10 +933,12 @@ ldap_pvt_tls_get_peer_hostname( void *s )
 
 	ret = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf));
 	if( ret == -1 ) {
+		X509_free(x);
 		return NULL;
 	}
 
 	p = LDAP_STRDUP(buf);
+	X509_free(x);
 	return p;
 }
 
@@ -1064,6 +1065,7 @@ ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
 			ret = LDAP_SUCCESS;
 		}
 	}
+	X509_free(x);
 	return ret;
 }
 
@@ -1081,6 +1083,7 @@ ldap_pvt_tls_get_peer_issuer( void *s )
 	
 	xn = X509_get_issuer_name(x);
 	p = LDAP_STRDUP(X509_NAME_oneline(xn, buf, sizeof(buf)));
+	X509_free(x);
 	return p;
 #else
 	return NULL;