BUG/MINOR: ssl: Fix OCSP_CERTID leak when same certificate is used multiple times
If a given certificate is used multiple times in a configuration, the
ocsp_cid field would have been overwritten during each
ssl_sock_load_ocsp call even if it was previously filled.
This patch does not need to be backported.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index efa31ea..18d006f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1150,7 +1150,8 @@
if (!issuer)
goto out;
- data->ocsp_cid = OCSP_cert_to_id(0, x, issuer);
+ if (!data->ocsp_cid)
+ data->ocsp_cid = OCSP_cert_to_id(0, x, issuer);
if (!data->ocsp_cid)
goto out;