From f1f3e8465410589007a84701e070686e227a4125 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Fri, 18 Jan 2008 21:25:56 +0000
Subject: SSL_CTX_add_extra_chain_cert() requires X509_dup()

svn path=/pow/POW-0.7/POW.c; revision=1483
---
 pow/POW-0.7/POW.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'pow/POW-0.7/POW.c')

diff --git a/pow/POW-0.7/POW.c b/pow/POW-0.7/POW.c
index f71d9d05..474eb37e 100644
--- a/pow/POW-0.7/POW.c
+++ b/pow/POW-0.7/POW.c
@@ -3720,6 +3720,7 @@ static PyObject *
 ssl_object_add_certificate(ssl_object *self, PyObject *args)
 {
    x509_object *x509 = NULL;
+   X509 *x = NULL;
 
    if (!PyArg_ParseTuple(args, "O!", &x509type, &x509))
       goto error;
@@ -3727,13 +3728,21 @@ ssl_object_add_certificate(ssl_object *self, PyObject *args)
    if (self->ctxset)
       { PyErr_SetString( SSLErrorObject, "cannot be called after setFd()" ); goto error; }
 
-   if ( !SSL_CTX_add_extra_chain_cert(self->ctx, x509->x509) )
+   if ( !(x = X509_dup(x509->x509)) )
+      { PyErr_SetString( SSLErrorObject, "could not duplicate X509 object" ); goto error; }
+
+   if ( !SSL_CTX_add_extra_chain_cert(self->ctx, x) )
       { set_openssl_pyerror( "could not add certificate" ); goto error; }
 
+   x = NULL;
+
    return Py_BuildValue("");
 
 error:
 
+   if (x)
+      X509_free(x);
+
    return NULL;
 }
 
-- 
cgit v1.2.3