https://bugs.openldap.org/show_bug.cgi?id=9696
Howard Chu hyc@openldap.org changed:
What      |Removed     |Added
----------------------------------------------------------------------------
Status    |UNCONFIRMED |RESOLVED
Resolution|---         |TEST
--- Comment #1 from Howard Chu hyc@openldap.org ---
(In reply to cheimes@redhat.com from comment #0)
> The OpenSSL implementation of ldap_get_option() LDAP_OPT_X_TLS_PEERCERT leaks memory. The internal function tlso_session_peercert() uses SSL_get_peer_certificate() to access the server certificate. SSL_get_peer_certificate() increases the reference counter of the peer cert by one. The code is missing an X509_free() call to decref the internal reference counter by one.
>
> I also recommend that you check the return value of SSL_get_peer_certificate() for NULL. There are cases when a TLS session does not have access to a peer certificate, e.g. session resumption.

Thanks for the report. Fixed in git master
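
The ownership rule from the report, as an added sketch that is not OpenLDAP or OpenSSL code: `cert_t`, `session_t`, `session_get_peer_cert()` and `cert_release()` are hypothetical stand-ins that model the reference-count contract described for SSL_get_peer_certificate() and X509_free(), and the certificate bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins: a reference-counted certificate and a TLS session. */
typedef struct { int refs; size_t len; unsigned char der[8]; } cert_t;
typedef struct { cert_t *peer; } session_t;      /* peer == NULL: no certificate */

/* Models the getter in the report: NULL, or the cert with its count raised by one. */
static cert_t *session_get_peer_cert(session_t *s) {
    if (s->peer != NULL) s->peer->refs++;
    return s->peer;
}
/* Models the release call: gives one reference back. */
static void cert_release(cert_t *c) { if (c != NULL) c->refs--; }

/* Before: the reference is never returned, and a NULL result is not handled. */
int peercert_leaky(session_t *s, unsigned char *out, size_t cap) {
    cert_t *c = session_get_peer_cert(s);
    if (c->len > cap) return -1;
    memcpy(out, c->der, c->len);
    return (int)c->len;
}

/* After: NULL is checked, and the reference is released on every path. */
int peercert_fixed(session_t *s, unsigned char *out, size_t cap) {
    cert_t *c = session_get_peer_cert(s);
    int rc = -1;
    if (c == NULL) return -1;          /* no peer certificate in this session */
    if (c->len <= cap) { memcpy(out, c->der, c->len); rc = (int)c->len; }
    cert_release(c);
    return rc;
}

/* Count left on a constructed certificate after n lookups through fn. */
int refs_after(int (*fn)(session_t *, unsigned char *, size_t), int n) {
    cert_t c = { 1, 3, { 0x30, 0x01, 0x00 } };   /* constructed sample bytes */
    session_t s = { &c };
    unsigned char buf[8];
    while (n-- > 0) fn(&s, buf, sizeof buf);
    return c.refs;
}
int fixed_without_peer(void) {
    session_t s = { NULL };
    unsigned char buf[8];
    return peercert_fixed(&s, buf, sizeof buf);
}

int main(void) {
    printf("leaky: %d refs, fixed: %d refs, no peer: %d\n",
           refs_after(peercert_leaky, 5), refs_after(peercert_fixed, 5), fixed_without_peer());
    return 0;
}
```

A count that grows with each lookup means the certificate can never reach zero references and be freed, which is the leak the report describes.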