https://bugs.openldap.org/show_bug.cgi?id=9696
Howard Chu <hyc(a)openldap.org> changed:
      What  |Removed      |Added
----------------------------------------------------------------------------
      Status|UNCONFIRMED  |RESOLVED
  Resolution|---          |TEST
--- Comment #1 from Howard Chu <hyc(a)openldap.org> ---
(In reply to cheimes(a)redhat.com from comment #0)
> The OpenSSL implementation of ldap_get_option() LDAP_OPT_X_TLS_PEERCERT
> leaks memory. The internal function tlso_session_peercert() uses
> SSL_get_peer_certificate() to access the server certificate.
> SSL_get_peer_certificate() increases the reference counter of the peer cert
> by one. The code is missing a X509_free() call to decref the internal
> reference counter by one.
>
> I also recommend that you check the return value of
> SSL_get_peer_certificate() for NULL. There are cases when a TLS session does
> not have access to a peer certificate, e.g. session resumption.

Thanks for the report. Fixed in git master.
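
Added example, not OpenLDAP or OpenSSL code: a small C model of the reference-count leak and NULL case described in the report above. cert_t, session_t, session_get1_peer(), cert_free(), peercert_leaky() and peercert_fixed() are hypothetical stand-ins for X509, the TLS session, SSL_get_peer_certificate(), X509_free() and the lookup before and after the fix; the DER bytes are constructed.

```c
/* Hypothetical stand-ins only: models a getter that returns a NEW reference. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { int refs; const unsigned char *der; size_t len; } cert_t;
typedef struct { cert_t *peer; } session_t;      /* peer may be NULL */

/* Like SSL_get_peer_certificate(): bumps the count, or returns NULL. */
static cert_t *session_get1_peer(session_t *s) {
    if (s->peer) s->peer->refs++;
    return s->peer;
}
/* Like X509_free(): drops one reference, frees on the last one. */
static void cert_free(cert_t *c) { if (c && --c->refs == 0) free(c); }

/* Pattern from the report: reference never released, NULL not checked. */
static int peercert_leaky(session_t *s, unsigned char **out, size_t *len) {
    cert_t *c = session_get1_peer(s);            /* would crash on NULL */
    *out = malloc(c->len);
    if (!*out) return -1;
    memcpy(*out, c->der, c->len); *len = c->len;
    return 0;                                    /* c is still referenced */
}
/* Corrected pattern: check for NULL, release on every exit path. */
static int peercert_fixed(session_t *s, unsigned char **out, size_t *len) {
    cert_t *c = session_get1_peer(s);
    int rc = -1;
    if (!c) return -1;                           /* no peer certificate */
    *out = malloc(c->len);
    if (*out) { memcpy(*out, c->der, c->len); *len = c->len; rc = 0; }
    cert_free(c);                                /* balance the get1 */
    return rc;
}
/* Reference count held on the peer cert after `calls` lookups. */
static int refs_after(int use_fixed, int calls) {
    static const unsigned char der[] = { 0x30, 0x03, 0x02, 0x01, 0x00 }; /* constructed */
    session_t s = { malloc(sizeof(cert_t)) };
    unsigned char *buf; size_t n; int refs;
    if (!s.peer) return -1;
    *s.peer = (cert_t){ 1, der, sizeof der };    /* session owns one ref */
    for (int i = 0; i < calls; i++)
        if ((use_fixed ? peercert_fixed : peercert_leaky)(&s, &buf, &n) == 0) free(buf);
    refs = s.peer->refs;
    free(s.peer);                                /* demo cleanup */
    return refs;
}
int main(void) {
    printf("leaky: %d refs, fixed: %d refs\n", refs_after(0, 3), refs_after(1, 3));
    return 0;
}
```

In the leaky variant each lookup leaves one extra reference behind, so the certificate can never reach a count of zero when the session is torn down.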