mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
mbedtls/ssl: free cert chain when mbedtls_client_preload_filepath enabled
Signed-off-by: makejian <makejian@xiaomi.com>
This commit is contained in:
parent
e0c312c202
commit
ee955b29ee
1 changed files with 22 additions and 8 deletions
|
@ -226,15 +226,18 @@ SSL_CTX* SSL_CTX_new(const SSL_METHOD *method, void *rngctx)
|
|||
|
||||
#if defined(LWS_HAVE_mbedtls_x509_crt_parse_file)
|
||||
if (mbedtls_client_preload_filepath) {
|
||||
mbedtls_x509_crt **px = (mbedtls_x509_crt **)ctx->client_CA->x509_pm;
|
||||
mbedtls_x509_crt **px = (mbedtls_x509_crt **)ctx->client_CA->x509_pm;
|
||||
|
||||
*px = malloc(sizeof(**px));
|
||||
mbedtls_x509_crt_init(*px);
|
||||
n = mbedtls_x509_crt_parse_file(*px, mbedtls_client_preload_filepath);
|
||||
if (n < 0)
|
||||
lwsl_err("%s: unable to load cert bundle 0x%x\n", __func__, -n);
|
||||
else
|
||||
lwsl_info("%s: loaded cert bundle %d\n", __func__, n);
|
||||
*px = malloc(sizeof(**px));
|
||||
mbedtls_x509_crt_init(*px);
|
||||
n = mbedtls_x509_crt_parse_file(*px, mbedtls_client_preload_filepath);
|
||||
if (n < 0) {
|
||||
lwsl_err("%s: unable to load cert bundle 0x%x\n", __func__, -n);
|
||||
mbedtls_x509_crt_free(*px);
|
||||
free(*px);
|
||||
} else {
|
||||
lwsl_info("%s: loaded cert bundle %d\n", __func__, n);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -257,6 +260,17 @@ void SSL_CTX_free(SSL_CTX* ctx)
|
|||
|
||||
ssl_cert_free(ctx->cert);
|
||||
|
||||
#if defined(LWS_HAVE_mbedtls_x509_crt_parse_file)
|
||||
if (mbedtls_client_preload_filepath) {
|
||||
mbedtls_x509_crt **px = (mbedtls_x509_crt **)ctx->client_CA->x509_pm;
|
||||
|
||||
if (*px) {
|
||||
mbedtls_x509_crt_free(*px);
|
||||
free(*px);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
X509_free(ctx->client_CA);
|
||||
|
||||
if (ctx->alpn_protos) {
|
||||
|
|
Loading…
Add table
Reference in a new issue