From 8e1adb125cf7b1661737ea38498415b143779b33 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Wed, 12 Feb 2020 15:45:44 -0700
Subject: [PATCH] free existing cert store when setting a new one
---
 src/ssl.c | 7 +++++++
 tests/api.c | 23 ++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/src/ssl.c b/src/ssl.c
index 6b73d7ac8..14e6545ae 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -14899,6 +14899,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 wolfSSL_CertManagerFree(ctx->cm);
 }
 ctx->cm = str->cm;
+
+ /* free existing store if it exists */
+ if (ctx->x509_store_pt != NULL) {
+ /* cert manager was free'd a little earlier in this function */
+ ctx->x509_store_pt->cm = NULL;
+ }
+ wolfSSL_X509_STORE_free(ctx->x509_store_pt);
 ctx->x509_store.cache = str->cache;
 ctx->x509_store_pt = str; /* take ownership of store and free it with CTX free */
diff --git a/tests/api.c b/tests/api.c
index 4fa095e18..5ca517543 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -21238,8 +21238,10 @@ static void test_wolfSSL_CTX_set_srp_password(void)
 static void test_wolfSSL_X509_STORE(void)
 {
-#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
 X509_STORE *store;
+
+ #ifdef HAVE_CRL
 X509_CRL *crl;
 X509 *x509;
 const char crl_pem[] = "./certs/crl/crl.pem";
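Review bot: In the src/ssl.c hunk, a caller passing the store that is already installed (`str == ctx->x509_store_pt`) is not handled. In that case `wolfSSL_X509_STORE_free(ctx->x509_store_pt)` would release `str`, the next line `ctx->x509_store.cache = str->cache` would read it, and `ctx->x509_store_pt = str` would keep it for a second free at CTX free, unless a check outside the hunk already returns early. An early exit placed before the `wolfSSL_CertManagerFree(ctx->cm)` call would cover it, for example `if (str == ctx->x509_store_pt) { return; }`; the function starts above the hunk, so its return type is not visible here. The new `ctx->x509_store_pt->cm = NULL` also assumes the old store's `cm` is the manager freed just above, so if the two can differ that manager is leaked, and a comment stating the invariant would help.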
@@ -21260,6 +21262,25 @@ static void test_wolfSSL_X509_STORE(void)
 AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
 X509_CRL_free(crl);
 X509_STORE_free(store);
+ #endif /* HAVE_CRL */
+
+
+
+ #ifndef WOLFCRYPT_ONLY
+ {
+ SSL_CTX* ctx;
+ #ifndef NO_WOLFSSL_SERVER
+ AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
+ #else
+ AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
+ #endif
+ AssertNotNull(store = (X509_STORE *)X509_STORE_new());
+ SSL_CTX_set_cert_store(ctx, store);
+ AssertNotNull(store = (X509_STORE *)X509_STORE_new());
+ SSL_CTX_set_cert_store(ctx, store);
+ SSL_CTX_free(ctx);
+ }
+ #endif
 printf(resultFmt, passed);
 #endif
 return;
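Review bot: The block added to test_wolfSSL_X509_STORE has no assertion that the first store was released, so it passes with or without the src/ssl.c change unless the suite runs under a leak checker such as valgrind or AddressSanitizer. A comment above the second `SSL_CTX_set_cert_store(ctx, store);` would record that intent, e.g. `/* second set must free the first store; only a leak checker detects a regression */`. The block exercises two distinct stores only; installing the same store twice is not covered.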