add CyaSSL_UnloadCertsKeys to free SSL certs and keys after handshake

cyassl/ssl.h

@@ -847,6 +847,7 @@ CYASSL_API int CyaSSL_make_eap_keys(CYASSL*, void* key, unsigned int len,
                                                long, int);
     CYASSL_API int CyaSSL_use_certificate_chain_buffer(CYASSL*, 
                                                const unsigned char*, long);
+    CYASSL_API int CyaSSL_UnloadCertsKeys(CYASSL*);
 #endif
 
 CYASSL_API int CyaSSL_CTX_set_group_messages(CYASSL_CTX*);

src/ssl.c

@@ -5071,6 +5071,36 @@ int CyaSSL_set_compression(CYASSL* ssl)
                              ssl, NULL, 1);
     }
 
+
+    /* unload any certs or keys that SSL owns, leave CTX as is
+       SSL_SUCCESS on ok */
+    int CyaSSL_UnloadCertsKeys(CYASSL* ssl)
+    {
+        if (ssl == NULL) {
+            CYASSL_MSG("Null function arg"); 
+            return BAD_FUNC_ARG;
+        }
+
+        if (ssl->buffers.weOwnCert) {
+            CYASSL_MSG("Unloading cert");
+            XFREE(ssl->buffers.certificate.buffer, ssl->heap,DYNAMIC_TYPE_CERT);
+            ssl->buffers.weOwnCert = 0;
+            ssl->buffers.certificate.length = 0;
+            ssl->buffers.certificate.buffer = NULL;
+        }
+
+        if (ssl->buffers.weOwnKey) {
+            CYASSL_MSG("Unloading key");
+            XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
+            ssl->buffers.weOwnKey = 0;
+            ssl->buffers.key.length = 0;
+            ssl->buffers.key.buffer = NULL;
+        }
+
+        return SSL_SUCCESS;
+    }
+
+
     int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
     {
         CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");