SSL_CTX_add_extra_chain_cert() requires X509_dup()

svn path=/pow/POW-0.7/POW.c; revision=1483
author: Rob Austein <sra@hactrn.net> 2008-01-18 21:25:56 +0000
committer: Rob Austein <sra@hactrn.net> 2008-01-18 21:25:56 +0000
commit: f1f3e8465410589007a84701e070686e227a4125 (patch)
tree: ce837f01a79facc7ad72ca634e3bead3f0742e18 /pow/POW-0.7/POW.c
parent: 2a294f2152abb599659a48457b04f8dfa487333b (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/pow/POW-0.7/POW.c b/pow/POW-0.7/POW.c
index f71d9d05..474eb37e 100644
--- a/pow/POW-0.7/POW.c
+++ b/pow/POW-0.7/POW.c
@@ -3720,6 +3720,7 @@ static PyObject *
 ssl_object_add_certificate(ssl_object *self, PyObject *args)
 {
    x509_object *x509 = NULL;
+   X509 *x = NULL;
 
    if (!PyArg_ParseTuple(args, "O!", &x509type, &x509))
       goto error;
@@ -3727,13 +3728,21 @@ ssl_object_add_certificate(ssl_object *self, PyObject *args)
    if (self->ctxset)
       { PyErr_SetString( SSLErrorObject, "cannot be called after setFd()" ); goto error; }
 
-   if ( !SSL_CTX_add_extra_chain_cert(self->ctx, x509->x509) )
+   if ( !(x = X509_dup(x509->x509)) )
+      { PyErr_SetString( SSLErrorObject, "could not duplicate X509 object" ); goto error; }
+
+   if ( !SSL_CTX_add_extra_chain_cert(self->ctx, x) )
       { set_openssl_pyerror( "could not add certificate" ); goto error; }
 
+   x = NULL;
+
    return Py_BuildValue("");
 
 error:
 
+   if (x)
+      X509_free(x);
+
    return NULL;
 }
author	Rob Austein <sra@hactrn.net>	2008-01-18 21:25:56 +0000
committer	Rob Austein <sra@hactrn.net>	2008-01-18 21:25:56 +0000
commit	f1f3e8465410589007a84701e070686e227a4125 (patch)
tree	ce837f01a79facc7ad72ca634e3bead3f0742e18 /pow/POW-0.7/POW.c
parent	2a294f2152abb599659a48457b04f8dfa487333b (diff)