Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Code Issues Releases Wiki Activity

mbedtls/ssl: free cert chain when mbedtls_client_preload_filepath enabled

Browse source 
Signed-off-by: makejian <makejian@xiaomi.com>
This commit is contained in:
makejian 2025-02-12 11:27:51 +08:00 committed by Andy Green
parent 81633bef2a
commit 2b0c5f1653
1 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
lib/tls/mbedtls/wrapper/library/ssl_lib.c
View file

@ -231,9 +231,11 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method, void *rngctx)
*px = malloc(sizeof(**px));
mbedtls_x509_crt_init(*px);
n = mbedtls_x509_crt_parse_file(*px, mbedtls_client_preload_filepath);
if (n < 0)
if (n < 0) {
lwsl_err("%s: unable to load cert bundle 0x%x\n", __func__, -n);
else
mbedtls_x509_crt_free(*px);
free(*px);
} else
lwsl_info("%s: loaded cert bundle %d\n", __func__, n);
}
#endif
@ -257,6 +259,17 @@ void SSL_CTX_free(SSL_CTX* ctx)
ssl_cert_free(ctx->cert);
#if defined(LWS_HAVE_mbedtls_x509_crt_parse_file)
if (mbedtls_client_preload_filepath) {
mbedtls_x509_crt **px = (mbedtls_x509_crt **)ctx->client_CA->x509_pm;
if (*px) {
mbedtls_x509_crt_free(*px);
free(*px);
}
}
#endif
X509_free(ctx->client_CA);
if (ctx->alpn_protos) {