On Fri, Mar 21, 2003, Joe Orton wrote:

> On Fri, Mar 21, 2003 at 12:30:36PM +0100, Ralf S. Engelschall wrote:
> > -        if ((xs = SSL_get_certificate(ssl)) != NULL)
> > +        if ((xs = SSL_get_certificate(ssl)) != NULL) {
> >              result = ssl_var_lookup_ssl_cert(p, xs, var+7);
> > +            X509_free(xs);
> > +        }
> >      }
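
Review bot: The added X509_free(xs) after ssl_var_lookup_ssl_cert(p, xs, var+7) releases a reference this code never took. SSL_get_certificate(ssl) hands back the pointer the SSL object itself holds, without incrementing the refcount, so each lookup would drop the count by one and the certificate could be freed while the SSL object still uses it (a use-after-free, followed by a double free at teardown). Drop the X509_free(xs) line, after which the added braces are optional, and free only certificates obtained from a call that returns a new reference.
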
>
> That isn't safe, SSL_get_certificate doesn't increase the refcount on
> the certificate (unlike SSL_peer_get_certificate).

Oops, great catch! Yes, you're right, I was not aware of this subtle
difference. Will be fixed.
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
