jpeach commented on code in PR #9840:
URL: https://github.com/apache/trafficserver/pull/9840#discussion_r1231619775
##########
iocore/net/SSLConfig.cc:
##########
@@ -952,7 +952,8 @@ SSLConfigParams::getCTX(const std::string &client_cert,
const std::string &key_f
SSLError("failed to attach client chain certificate from %s",
client_cert.c_str());
goto fail;
}
- X509_free(cert);
+ // Do not free cert becasue SSL_CTX_add_extra_chain_cert takes
ownership of cert if it succeeds, unlike
+ // SSL_CTX_use_certificate.
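Review bot: The new comment covers only the success case. On the `goto fail` branch just above it, SSL_CTX_add_extra_chain_cert has returned failure and has not taken ownership of cert, and nothing in the visible lines releases the certificate on that path. Unless the fail label already frees cert (it is outside this hunk), call X509_free(cert) before that `goto fail`, and extend the comment to say who owns cert on failure. The comment also misspells "because" as "becasue".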
Review Comment:
Oh, I missed the extra read at the end of the loop. IMHO, writing it like
this would be a lot clearer:
```C
// Continue to fetch certs to associate intermediate certificates.
while ((cert = PEM_read_bio_X509(biop, nullptr, nullptr, nullptr))) {
  if (!SSL_CTX_add_extra_chain_cert(client_ctx.get(), cert)) {
    SSLError("failed to attach client chain certificate from %s", client_cert.c_str());
    goto fail;
  }
}
```