From: Adriaan de Jong <dejong@fox-it.com>
Date: Wed, 29 Jun 2011 13:45:44 +0000 (+0200)
Subject: Refactored new external key code
X-Git-Tag: v2.3-alpha1~154
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df904551cde7534e3f58809cb810164749fbbc28;p=thirdparty%2Fopenvpn.git

Refactored new external key code

 - To make patch application easier in the future

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
---

diff --git a/ssl.c b/ssl.c
index 200ce15de..19e63ccac 100644
--- a/ssl.c
+++ b/ssl.c
@@ -2022,7 +2022,6 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
   DH *dh;
   BIO *bio;
   bool using_cert_file = false;
-  X509 *my_cert = NULL;
 
   ASSERT(NULL != new_ctx);
 
@@ -2181,6 +2180,8 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
       else
 #endif
 	{
+	  X509 *my_cert = NULL;
+
 	  /* Load Certificate */
 	  if (options->cert_file)
 	    {
@@ -2209,6 +2210,8 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
 	      ASSERT (my_cert);
 	      if (!use_external_private_key(ctx, my_cert))
 		msg (M_SSLERR, "Cannot enable SSL external private key capability");
+	      if (my_cert)
+	        X509_free(my_cert);
 	    }
 	  else
 #endif
@@ -2371,17 +2374,13 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
 	msg (M_SSLERR, "Problem with cipher list: %s", options->cipher_list);
     }
 
- done:
   tls_clear_error ();
-
-  if (my_cert)
-    X509_free(my_cert);
-
   return;
 
  err:
+  tls_clear_error ();
   tls_ctx_free (new_ctx);
-  goto done;
+  return;
 }
 
 /*