Skip to content

Free server certificate (x509cert) after SSL_CTX_use_certificate in O…#977

Merged
markt-asf merged 1 commit intoapache:mainfrom
markt-asf:copilot/review-opensslcontext
Apr 2, 2026
Merged

Free server certificate (x509cert) after SSL_CTX_use_certificate in O…#977
markt-asf merged 1 commit intoapache:mainfrom
markt-asf:copilot/review-opensslcontext

Conversation

@markt-asf
Copy link
Copy Markdown
Contributor

@markt-asf markt-asf commented Apr 2, 2026

…penSSLContext

SSL_CTX_use_certificate makes an internal copy, so the caller should free the original. This is the same class of bug fixed by commit 8ef5efc for client CA certificates after SSL_CTX_add_client_CA.

X509_free is added on:

  • early return when private key parsing fails (x509cert already allocated)
  • error path when SSL_CTX_use_certificate fails
  • success path after SSL_CTX_use_certificate (copy already made internally)

@markt-asf
Free server certificate (x509cert) after SSL_CTX_use_certificate in O…
7dd08a7 
…penSSLContext

SSL_CTX_use_certificate makes an internal copy, so the caller should free
the original. This is the same class of bug fixed by commit 8ef5efc for
client CA certificates after SSL_CTX_add_client_CA.

X509_free is added on:
- early return when private key parsing fails (x509cert already allocated)
- error path when SSL_CTX_use_certificate fails
- success path after SSL_CTX_use_certificate (copy already made internally)

Co-authored-by: markt-asf <markt@apache.org>
@markt-asf markt-asf merged commit c587fec into apache:main Apr 2, 2026
6 checks passed
@markt-asf markt-asf deleted the copilot/review-opensslcontext branch April 2, 2026 16:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@markt-asf