Always keep original x509 pointer with proper refcounts even for self signed trusted CA

2025-08-01 03:34:39 +02:00 · 2024-12-02 12:15:33 -08:00
parent c5df3cb6b6
commit 5684e56e0e
1 changed files with 2 additions and 8 deletions
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -1102,11 +1102,9 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
    if ((store->owned = wolfSSL_sk_X509_new_null()) == NULL)
        goto err_exit;

-#if !defined(WOLFSSL_SIGNER_DER_CERT)
    if ((store->trusted = wolfSSL_sk_X509_new_null()) == NULL)
        goto err_exit;
 #endif
-#endif

 #ifdef HAVE_CRL
    store->crl = store->cm->crl;
@@ -1196,20 +1194,18 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
            }
 #if defined(OPENSSL_EXTRA)
            if (store->certs != NULL) {
-                wolfSSL_sk_X509_free(store->certs);
+                wolfSSL_sk_X509_pop_free(store->certs, wolfSSL_X509_free);
                store->certs = NULL;
            }
            if (store->owned != NULL) {
                wolfSSL_sk_X509_pop_free(store->owned, wolfSSL_X509_free);
                store->owned = NULL;
            }
-#if !defined(WOLFSSL_SIGNER_DER_CERT)
            if (store->trusted != NULL) {
-                wolfSSL_sk_X509_free(store->trusted);
+                wolfSSL_sk_X509_pop_free(store->trusted, wolfSSL_X509_free);
                store->trusted = NULL;
            }
 #endif
-#endif
 #ifdef OPENSSL_ALL
            if (store->objs != NULL) {
                X509StoreFreeObjList(store, store->objs);
@@ -1406,7 +1402,6 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
         * CA=TRUE */
        if (wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) == 0) {
            result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA);
-    #if !defined(WOLFSSL_SIGNER_DER_CERT)
            if (result == WOLFSSL_SUCCESS && store->trusted != NULL) {
                result = wolfSSL_X509_up_ref(x509);
                if (result == WOLFSSL_SUCCESS) {
@@ -1419,7 +1414,6 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
                    }
                }
            }
-    #endif
        }
        else {
            if (store->certs != NULL) {