From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Fri, 4 Nov 2022 10:27:11 +0000 (+0200)
Subject: lib-ssl-iostream: Do not unref DH parameters too soon
X-Git-Tag: 2.4.0~3438
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25b48a93df95b5da3a9e3f959d94524e7b7f9049;p=thirdparty%2Fdovecot%2Fcore.git

lib-ssl-iostream: Do not unref DH parameters too soon

SSL_CTX_set0_tmp_dh_pkey moves references to SSL_CTX which
frees the DH parameters itself.

Broken by 124c491aa688eec146c21718f0d98aec9ae03294
---

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index 80c3af812e..4086774032 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -202,7 +202,9 @@ ssl_iostream_ctx_use_dh(struct ssl_iostream_context *ctx,
 			openssl_iostream_key_load_error());
 		ret = -1;
 	}
+#ifndef HAVE_SSL_CTX_set0_tmp_dh_pkey
 	EVP_PKEY_free(pkey_dh);
+#endif
 	return ret;
 }