BUG/MEDIUM: ssl: don't free the ckch in multi-cert bundle When using a ckch we should never try to free its content, because it won't be usable after and can result in a NULL derefence during parsing. The content was previously freed because the ckch wasn't stored in a tree to be used later, now that we use it multiple time, we need to keep the data.

commit: 6dee29d63d597dfb865b67e53c04c7a9a015ba63 [log] [tgz]
author: William Lallemand <wlallemand@haproxy.com> Thu Aug 01 10:59:34 2019 +0200
committer: William Lallemand <wlallemand@haproxy.org> Thu Aug 01 11:27:24 2019 +0200
tree: 1dc4a0e1c84ddbb0d18d86c99dd08f90b0145c24
parent: f580d0f3918b31d2b3b3d99c99d120d46c712d2f [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0eaf2eb..4656df0 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -3398,9 +3398,6 @@
 	if (names)
 		sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
 
-	for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++)
-		ssl_sock_free_cert_key_and_chain_contents(&certs_and_keys[n]);
-
 	node = ebmb_first(&sni_keytypes_map);
 	while (node) {
 		next = ebmb_next(node);
commit	6dee29d63d597dfb865b67e53c04c7a9a015ba63	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.com>	Thu Aug 01 10:59:34 2019 +0200
committer	William Lallemand <wlallemand@haproxy.org>	Thu Aug 01 11:27:24 2019 +0200
tree	1dc4a0e1c84ddbb0d18d86c99dd08f90b0145c24
parent	f580d0f3918b31d2b3b3d99c99d120d46c712d2f [diff]