Skip to content
Permalink
Browse files
Fix GnuTLS PIN cache leak when only *key* is PKCS#11 and not certific…
…ate.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
David Woodhouse authored and David Woodhouse committed Jun 13, 2012
1 parent 88d01c9 commit 9ce7f679d68a3e12556814a73f8ab731520c1ca2
Showing with 2 additions and 1 deletion.
  1. +2 −1 gnutls.c
@@ -1454,7 +1454,8 @@ void openconnect_close_https(struct openconnect_info *vpninfo, int final)
gnutls_certificate_free_credentials(vpninfo->https_cred);
vpninfo->https_cred = NULL;
#ifdef HAVE_P11KIT
if (!strncmp(vpninfo->cert, "pkcs11:", 7)) {
if (!strncmp(vpninfo->cert, "pkcs11:", 7) ||
!strncmp(vpninfo->sslkey, "pkcs11:", 7)) {
char pin_source[40];

sprintf(pin_source, "openconnect:%p", vpninfo);

0 comments on commit 9ce7f67

Please sign in to comment.