git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
BUG/MINOR: ssl: Fix OCSP_CERTID leak when same certificate is used multiple times
author Remi Tricot-Le Breton <rlebreton@haproxy.com>
Mon, 9 Jan 2023 11:02:47 +0000 (12:02 +0100)
committer William Lallemand <wlallemand@haproxy.org>
Mon, 9 Jan 2023 14:43:41 +0000 (15:43 +0100)
If a given certificate is used multiple times in a configuration, the
ocsp_cid field would have been overwritten during each
ssl_sock_load_ocsp call even if it was previously filled.

This patch does not need to be backported.

src/ssl_sock.c

index efa31eaffed955ef0d9d40325b7d822e8f3a86ee..18d006feb57e247b79e7ffa129d9b3a69f306f08 100644 (file)
@@ -1150,7 +1150,8 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, struct ckch_data *data, STACK_OF(X50
        if (!issuer)
                goto out;
 
-       data->ocsp_cid = OCSP_cert_to_id(0, x, issuer);
+       if (!data->ocsp_cid)
+               data->ocsp_cid = OCSP_cert_to_id(0, x, issuer);
        if (!data->ocsp_cid)
                goto out;
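
Review bot: The new guard `if (!data->ocsp_cid)` in ssl_sock_load_ocsp has no comment saying why an already-set ocsp_cid is kept, and the two back-to-back `if (!data->ocsp_cid)` tests look like a copy-paste slip to a later reader. A short comment above the first test would help, for example that the same ckch_data can reach this function several times when a certificate is referenced more than once, and that the id from the first call is reused so it is not overwritten and leaked. The reuse also assumes the stored id was built from the same `x` and `issuer` as the current call; nothing in the visible lines checks that, so either state that invariant in the comment or confirm it holds for every caller. As a minor style point, the first argument to OCSP_cert_to_id is a digest pointer, so `NULL` would read more clearly than `0`.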