Rework implementation to use existing weOwnCert logic

2025-07-29 18:27:29 +02:00 · 2024-08-14 13:13:25 -07:00
parent f4decf84da
commit 337cddfd90
3 changed files with 4 additions and 21 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -6816,6 +6816,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
            return ret;
        }

+        ssl->buffers.weOwnCert = TRUE;
        ret = WOLFSSL_SUCCESS;
    }
    if (ctx->certChain != NULL) {
@ -6829,6 +6830,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
            return ret;
        }

+        ssl->buffers.weOwnCertChain = TRUE;
        ret = WOLFSSL_SUCCESS;
    }
 #else
--- a/src/ssl.c
+++ b/src/ssl.c
@ -10806,11 +10806,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
            return BAD_FUNC_ARG;
        }

-    #ifdef WOLFSSL_COPY_CERT
-        /* If WOLFSSL_COPY_CERT defined, always free cert buffers in SSL obj */
-        FreeDer(&ssl->buffers.certificate);
-        FreeDer(&ssl->buffers.certChain);
-    #endif
        if (ssl->buffers.weOwnCert && !ssl->keepCert) {
            WOLFSSL_MSG("Unloading cert");
            FreeDer(&ssl->buffers.certificate);
@ -19554,11 +19549,6 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
    /* ctx still owns certificate, certChain, key, dh, and cm */
    if (ssl->buffers.weOwnCert)
        FreeDer(&ssl->buffers.certificate);
-#ifdef WOLFSSL_COPY_CERT
-    /* If WOLFSSL_COPY_CERT defined, always free cert buffers in SSL obj */
-    FreeDer(&ssl->buffers.certificate);
-    FreeDer(&ssl->buffers.certChain);
-#endif
    ssl->buffers.certificate = NULL;
    if (ssl->buffers.weOwnCertChain)
        FreeDer(&ssl->buffers.certChain);
@ -20174,6 +20164,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
            return NULL;
        }

+        ssl->buffers.weOwnCert = TRUE;
        ret = WOLFSSL_SUCCESS;
    }
    if (ctx->certChain != NULL) {
@ -20187,6 +20178,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
            return NULL;
        }

+        ssl->buffers.weOwnCertChain = TRUE;
        ret = WOLFSSL_SUCCESS;
    }
 #else
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@ -236,9 +236,6 @@ static int ProcessUserChainRetain(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    /* Store in SSL object if available. */
    if (ssl != NULL) {
        /* Dispose of old chain if not reference to context's. */
-    #ifdef WOLFSSL_COPY_CERT
-        FreeDer(&ssl->buffers.certChain);
-    #endif
        if (ssl->buffers.weOwnCertChain) {
            FreeDer(&ssl->buffers.certChain);
        }
@ -2082,10 +2079,6 @@ static int ProcessBufferCertHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    /* Leaf certificate - our certificate. */
    else if (type == CERT_TYPE) {
        if (ssl != NULL) {
-#ifdef WOLFSSL_COPY_CERT
-            /* Always Free previously set if WOLFSSL_COPY_CERT defined */
-            FreeDer(&ssl->buffers.certificate);
-#endif
            /* Free previous certificate if we own it. */
            if (ssl->buffers.weOwnCert) {
                FreeDer(&ssl->buffers.certificate);
@ -4567,10 +4560,6 @@ static int wolfssl_add_to_chain(DerBuffer** chain, int weOwn, const byte* cert,
        c32to24(certSz, newChain->buffer + len);
        XMEMCPY(newChain->buffer + len + CERT_HEADER_SZ, cert, certSz);

-#ifdef WOLFSSL_COPY_CERT
-        FreeDer(chain);
-#endif
-
        /* Dispose of old chain if we own it. */
        if (weOwn) {
            FreeDer(chain);