Refactored new external key code

 - To make patch application easier in the future

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>

diff --git a/ssl.c b/ssl.c
index 200ce15dedea6898b1830ba1c8141646ebadebed..19e63ccaca3e38cb6e56861ba24d0c1e27fa52c3 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -2022,7 +2022,6 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
   DH *dh;
   BIO *bio;
   bool using_cert_file = false;
-  X509 *my_cert = NULL;
 
   ASSERT(NULL != new_ctx);
 
@@ -2181,6 +2180,8 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
       else
 #endif
        {
+         X509 *my_cert = NULL;
+
          /* Load Certificate */
          if (options->cert_file)
            {
@@ -2209,6 +2210,8 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
              ASSERT (my_cert);
              if (!use_external_private_key(ctx, my_cert))
                msg (M_SSLERR, "Cannot enable SSL external private key capability");
+             if (my_cert)
+               X509_free(my_cert);
            }
          else
 #endif
@@ -2371,17 +2374,13 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
        msg (M_SSLERR, "Problem with cipher list: %s", options->cipher_list);
     }
 
- done:
   tls_clear_error ();
-
-  if (my_cert)
-    X509_free(my_cert);
-
   return;
 
  err:
+  tls_clear_error ();
   tls_ctx_free (new_ctx);
-  goto done;
+  return;
 }
 
 /*