BUG/MEDIUM: ssl: does not try to free a DH in a ckch

author William Lallemand <wlallemand@haproxy.com>

Wed, 31 Jul 2019 16:31:34 +0000 (18:31 +0200)

committer Willy Tarreau <w@1wt.eu>

Wed, 31 Jul 2019 17:35:31 +0000 (19:35 +0200)
author William Lallemand <wlallemand@haproxy.com>
Wed, 31 Jul 2019 16:31:34 +0000 (18:31 +0200)
committer Willy Tarreau <w@1wt.eu>
Wed, 31 Jul 2019 17:35:31 +0000 (19:35 +0200)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c

index ceadc9b8e525223c73ca06c2e1d21dbf83894097..0eaf2eb0615c828a6e010244339108e88f8a7bc6 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2858,10 +2858,8 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
         int ret = -1;
         DH *dh = NULL;
  
-       if (ckch)
+       if (ckch && ckch->dh) {
                 dh = ckch->dh;
-
-       if (dh) {
                 ret = 1;
                 SSL_CTX_set_tmp_dh(ctx, dh);
  
@@ -2897,9 +2895,6 @@ static int ssl_sock_load_dh_params(SSL_CTX *ctx, const struct cert_key_and_chain
         }
  
  end:
-       if (dh)
-               DH_free(dh);
-
         return ret;
  }
  #endif
author	William Lallemand <wlallemand@haproxy.com>
	Wed, 31 Jul 2019 16:31:34 +0000 (18:31 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Wed, 31 Jul 2019 17:35:31 +0000 (19:35 +0200)