If keyUsage was only required to be present, but no specific value was
required, we would omit to free the extracted string. This happens as of
2.4.1, if --remote-cert-tls is used. In that case we leak a bit of
memory on each TLS (re)negotiation.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1494154878-18403-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14563.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
``--remote-cert-tls`` uses the far more common keyUsage and extendedKeyUsage
extension instead. Make sure your certificates carry these to be able to
use ``--remote-cert-tls``.
+
+
+Version 2.4.2
+=============
+
+Bugfixes
+--------
+- Fix memory leak introduced in 2.4.1: if --remote-cert-tls is used, we leaked
+ some memory on each TLS (re)negotiation.
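
Review bot: The new Bugfixes entry names only --remote-cert-tls as the trigger and does not say where the leak is. Consider stating that it is the extracted keyUsage string that was not freed and, since the code change calls ASN1_BIT_STRING_free, that it concerns builds using that TLS library API. That lets operators of long-running instances with frequent renegotiation judge how urgent the upgrade is.
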
if (expected_ku[0] == OPENVPN_KU_REQUIRED)
{
/* Extension required, value checked by TLS library */
+ ASN1_BIT_STRING_free(ku);
return SUCCESS;
}
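
Review bot: Freeing ku by hand inside the OPENVPN_KU_REQUIRED early return keeps the pattern that caused the leak: every exit from the function has to remember its own ASN1_BIT_STRING_free(ku). Consider setting a result variable and jumping to a single cleanup block that frees ku once, so a later early return cannot reintroduce the leak. The hunk shows only this one return, so please confirm that the remaining exits after ku is extracted release it as well.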