From 5684e56e0e92848521de202e4d79ce51b539d14d Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Mon, 2 Dec 2024 12:15:33 -0800 Subject: [PATCH] Always keep original x509 pointer with proper refcounts even for self signed trusted CA --- src/x509_str.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/src/x509_str.c b/src/x509_str.c index b9361ceb3..c5d712e18 100644 --- a/src/x509_str.c +++ b/src/x509_str.c @@ -1102,11 +1102,9 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) if ((store->owned = wolfSSL_sk_X509_new_null()) == NULL) goto err_exit; -#if !defined(WOLFSSL_SIGNER_DER_CERT) if ((store->trusted = wolfSSL_sk_X509_new_null()) == NULL) goto err_exit; #endif -#endif #ifdef HAVE_CRL store->crl = store->cm->crl; @@ -1196,20 +1194,18 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) } #if defined(OPENSSL_EXTRA) if (store->certs != NULL) { - wolfSSL_sk_X509_free(store->certs); + wolfSSL_sk_X509_pop_free(store->certs, wolfSSL_X509_free); store->certs = NULL; } if (store->owned != NULL) { wolfSSL_sk_X509_pop_free(store->owned, wolfSSL_X509_free); store->owned = NULL; } -#if !defined(WOLFSSL_SIGNER_DER_CERT) if (store->trusted != NULL) { - wolfSSL_sk_X509_free(store->trusted); + wolfSSL_sk_X509_pop_free(store->trusted, wolfSSL_X509_free); store->trusted = NULL; } #endif -#endif #ifdef OPENSSL_ALL if (store->objs != NULL) { X509StoreFreeObjList(store, store->objs); @@ -1406,7 +1402,6 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) * CA=TRUE */ if (wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) == 0) { result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA); - #if !defined(WOLFSSL_SIGNER_DER_CERT) if (result == WOLFSSL_SUCCESS && store->trusted != NULL) { result = wolfSSL_X509_up_ref(x509); if (result == WOLFSSL_SUCCESS) { @@ -1419,7 +1414,6 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) } } } - #endif } else { if (store->certs != NULL) {
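Review bot: Freeing `store->certs` and `store->trusted` with `wolfSSL_sk_X509_pop_free(..., wolfSSL_X509_free)` is only safe if every push onto either stack first takes a reference with `wolfSSL_X509_up_ref`, because the store now drops one reference per element at teardown. The trusted path in wolfSSL_X509_STORE_add_cert (third hunk) takes that reference, but the `store->certs` push in the `else` branch and any other writer of these stacks are outside the diff. A push without a reference would now free a certificate the caller still owns, which is a double free or use-after-free. I would state the invariant next to the frees, for example `/* certs and trusted hold one reference per element, taken at push time */`, and confirm that the remaining pushers follow it. The body of wolfSSL_X509_STORE_free starts and ends outside the hunk.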
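Review bot: In wolfSSL_X509_STORE_add_cert, a failing `wolfSSL_X509_up_ref(x509)` overwrites `result` after `X509StoreAddCa` has already succeeded, and with the `WOLFSSL_SIGNER_DER_CERT` guard removed this now applies to every build. The caller would then get an error while the CA presumably stays loaded in the cert manager, so the failure contract should be either undone or documented. The push onto `store->trusted` and its error handling sit between this hunk and the next and are not visible here. If that push can fail after the reference is taken, the path needs a matching `wolfSSL_X509_free(x509)`. A comment above the block such as `/* keep the caller's X509 in store->trusted; the store owns one reference, released in wolfSSL_X509_STORE_free */` would record why the original pointer is retained.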