git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
BUG/MEDIUM: ssl: don't free the ckch in multi-cert bundle
author William Lallemand <wlallemand@haproxy.com>
Thu, 1 Aug 2019 08:59:34 +0000 (10:59 +0200)
committer William Lallemand <wlallemand@haproxy.org>
Thu, 1 Aug 2019 09:27:24 +0000 (11:27 +0200)
When using a ckch we should never try to free its content, because it
won't be usable afterwards and can result in a NULL dereference during
parsing.

The content was previously freed because the ckch wasn't stored in a
tree to be used later, now that we use it multiple times, we need to keep
the data.

src/ssl_sock.c

index 0eaf2eb0615c828a6e010244339108e88f8a7bc6..4656df0fc93de905c2d21a46d10523058a3c67cb 100644 (file)
@@ -3398,9 +3398,6 @@ end:
        if (names)
                sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
 
-       for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
-               ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
-
        node = ebmb_first(&sni_keytypes_map);
        while (node) {
                next = ebmb_next(node);
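Review bot: With the loop over `certs_and_keys[n]` removed from the `end:` label, nothing visible in this function releases the ckch contents any more, and the hunk does not say who owns them now. The commit message says the ckch is kept in a tree for later use, so please add a short comment at this spot stating that the tree owns the data and where it is eventually freed. Also confirm what happens if `end:` is reached on an error path for an entry that is not referenced from the tree: the old call to `ssl_sock_free_cert_key_and_chain_contents()` covered that case, and after this change such an entry would be leaked unless the failure path frees it separately.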