From 0897175d738effc82f47c06e5429996629452ac6 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Mon, 28 Apr 2025 16:33:48 +0200
Subject: [PATCH] BUG/MINOR: ssl/acme: free EVP_PKEY upon error

Free the EPV_PKEY upon error when the X509_REQ generation failed.

No backport needed.
---
 src/acme.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/acme.c b/src/acme.c
index 8303458be..ec5a3b902 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -2011,6 +2011,7 @@ static int cli_acme_renew_parse(char **args, char *payload, struct appctx *appct
 
 	EVP_PKEY_free(newstore->data->key);
 	newstore->data->key = pkey;
+	pkey = NULL;
 
 	ctx->req = acme_x509_req(pkey, store->conf.acme.domains);
 	if (!ctx->req) {
@@ -2028,6 +2029,7 @@ static int cli_acme_renew_parse(char **args, char *payload, struct appctx *appct
 
 err:
 	HA_SPIN_UNLOCK(CKCH_LOCK, &ckch_lock);
+	EVP_PKEY_free(pkey);
 	ckch_store_free(newstore);
 	EVP_PKEY_CTX_free(pkey_ctx);
 	free(ctx);
-- 
2.47.2