BUG/MEDIUM: ssl: does not try to free a DH in a ckch
ssl_sock_load_dh_params() should not free the DH * of a ckch, or the
ckch won't be usable during the next call.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ceadc9b..0eaf2eb 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2858,10 +2858,8 @@
int ret = -1;
DH *dh = NULL;
- if (ckch)
+ if (ckch && ckch->dh) {
dh = ckch->dh;
-
- if (dh) {
ret = 1;
SSL_CTX_set_tmp_dh(ctx, dh);
@@ -2897,9 +2895,6 @@
}
end:
- if (dh)
- DH_free(dh);
-
return ret;
}
#endif