BUG/MINOR: ssl: increment issuer refcount if in chain When using the OCSP response, if the issuer of the response is in the certificate chain, its address will be stored in ckch->ocsp_issuer. However, since the ocsp_issuer could be filled by a separate file, this pointer is free'd. The refcount of the X509 need to be incremented to avoid a double free if we free the ocsp_issuer AND the chain.

commit: b829dda57b4c8a44eff53682ed56492ad46ce3ad [log] [tgz]
author: William Lallemand <wlallemand@haproxy.org> Thu Jan 23 11:42:52 2020 +0100
committer: William Lallemand <wlallemand@haproxy.org> Thu Jan 23 11:57:39 2020 +0100
tree: d4767fef6af388c145d0c8cc51532daa222078b7
parent: 027d206b57bec59397eb6fb23f8ff4e3a2edb2e1 [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 4ff051b..db9621b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -3468,6 +3468,7 @@
 			issuer = sk_X509_value(ckch->chain, i);
 			if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) {
 				ckch->ocsp_issuer = issuer;
+				X509_up_ref(ckch->ocsp_issuer);
 				break;
 			} else
 				issuer = NULL;
commit	b829dda57b4c8a44eff53682ed56492ad46ce3ad	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.org>	Thu Jan 23 11:42:52 2020 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Thu Jan 23 11:57:39 2020 +0100
tree	d4767fef6af388c145d0c8cc51532daa222078b7
parent	027d206b57bec59397eb6fb23f8ff4e3a2edb2e1 [diff]