BUG/MINOR: ssl/cli: free the previous ckch content once a PEM is loaded
authorWilliam Lallemand <wlallemand@haproxy.com>
Thu, 23 Jan 2020 09:56:05 +0000 (10:56 +0100)
committerWilliam Lallemand <wlallemand@haproxy.org>
Thu, 23 Jan 2020 10:08:46 +0000 (11:08 +0100)
When using "set ssl cert" on the CLI, if we load a new PEM, the previous
sctl, issuer and OCSP response are still loaded. This doesn't make any
sense since they won't be usable with a new private key.

This patch frees the previous data.

Should be backported in 2.1.

src/ssl_sock.c

index 88611dd665eef4632b543ceee8078e7e16bc63dd..4ff051b9b48027c0ef4f803deb1ffba73e76faeb 100644 (file)
@@ -3357,6 +3357,26 @@ static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_
                goto end;
        }
 
+       /* once it loaded the PEM, it should remove everything else in the ckch */
+       if (ckch->ocsp_response) {
+               free(ckch->ocsp_response->area);
+               ckch->ocsp_response->area = NULL;
+               free(ckch->ocsp_response);
+               ckch->ocsp_response = NULL;
+       }
+
+       if (ckch->sctl) {
+               free(ckch->sctl->area);
+               ckch->sctl->area = NULL;
+               free(ckch->sctl);
+               ckch->sctl = NULL;
+       }
+
+       if (ckch->ocsp_issuer) {
+               X509_free(ckch->ocsp_issuer);
+               ckch->ocsp_issuer = NULL;
+       }
+
        /* no error, fill ckch with new context, old context will be free at end: */
        SWAP(ckch->key, key);
        SWAP(ckch->dh, dh);
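Review bot: The comment opening the new block states what is freed but not why, and the why is the point that matters: an SCTL, OCSP response or OCSP issuer retained from a previous load no longer corresponds to the key and certificate that the SWAP lines below install, so serving them would be inconsistent. Suggest replacing it with `/* The new PEM replaces the key and cert; an SCTL, OCSP response or OCSP issuer loaded for the previous ones no longer matches them, so drop them before the swap. */`. A consequence worth stating there as well is that any of these files loaded before the PEM on the same ckch is discarded, which is presumably intended but not obvious to a reader of the "set ssl cert" path. ssl_sock_load_pem_into_ckch starts and ends outside the hunk, so whether the same fields are cleared on the error paths above cannot be seen from here.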