From 67aeda4a4207f6ae0bc2efad93f25fd4bc74acb6 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Thu, 3 Apr 2014 16:53:40 +0200
Subject: [PATCH] openssl: free peer certificate after validating it

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
---
 ustream-openssl.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ustream-openssl.c b/ustream-openssl.c
index efae44c..787cc38 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -220,10 +220,6 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
 	X509 *cert;
 	int res;
 
-	cert = SSL_get_peer_certificate(ssl);
-	if (!cert)
-		return;
-
 	res = SSL_get_verify_result(ssl);
 	if (res != X509_V_OK) {
 		if (us->notify_verify_error)
@@ -231,8 +227,13 @@ static void ustream_ssl_verify_cert(struct ustream_ssl *us)
 		return;
 	}
 
+	cert = SSL_get_peer_certificate(ssl);
+	if (!cert)
+		return;
+
 	us->valid_cert = true;
 	us->valid_cn = ustream_ssl_verify_cn(us, cert);
+	X509_free(cert);
 }
 
 #endif
-- 
2.30.2