Set reference count earlier

Backport of 0e04674e964b905e67e3d215bcf888932c92765f

Reviewed-by: Steve Henson <steve@openssl.org>
RT #4047, #4110, MR #1356

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 93a1eb941ab942e6aa84d19425d9437c1d2e2318..a73f866cb9a7fbbc4b5373bafa10ef2a9d060d77 100644 (file)
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -227,6 +227,7 @@ CERT *ssl_cert_dup(CERT *cert)
 
     memset(ret, 0, sizeof(CERT));
 
+    ret->references = 1;
     ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
     /*
      * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
@@ -325,7 +326,6 @@ CERT *ssl_cert_dup(CERT *cert)
 #endif
     }
 
-    ret->references = 1;
     /*
      * Set digests to defaults. NB: we don't copy existing values as they
      * will be set during handshake.

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 9ddc591bac9a4782a80f73fc5124fa7724e75e32..f2071db93702c71a12459008feb3b9220c409aa8 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -307,6 +307,7 @@ SSL *SSL_new(SSL_CTX *ctx)
     s->options = ctx->options;
     s->mode = ctx->mode;
     s->max_cert_list = ctx->max_cert_list;
+    s->references = 1;
 
     if (ctx->cert != NULL) {
         /*
@@ -405,7 +406,6 @@ SSL *SSL_new(SSL_CTX *ctx)
     if (!s->method->ssl_new(s))
         goto err;
 
-    s->references = 1;
     s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
 
     SSL_clear(s);