From a8c73748f8ca545296a8b47f3fd3950dfcc75737 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 31 Jul 2019 18:31:34 +0200
Subject: [PATCH] BUG/MEDIUM: ssl: does not try to free a DH in a ckch

ssl_sock_load_dh_params() should not free the DH * of a ckch, or the
ckch won't be usable during the next call.
---
 src/ssl_sock.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ceadc9b8e5..0eaf2eb061 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2858,10 +2858,8 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
 	int ret = -1;
 	DH *dh = NULL;
 
-	if (ckch)
+	if (ckch && ckch->dh) {
 		dh = ckch->dh;
-
-	if (dh) {
 		ret = 1;
 		SSL_CTX_set_tmp_dh(ctx, dh);
 
@@ -2897,9 +2895,6 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
 	}
 
 end:
-	if (dh)
-		DH_free(dh);
-
 	return ret;
 }
 #endif
-- 
2.47.3