Limit tls_config_clear_keys() to only clearing private keys.

This was inadvertently clearing the keypair, which includes the OCSP staple
and pubkey hash - if an application called tls_configure() followed by
tls_config_clear_keys(), this would prevent OCSP staples from working.

ok beck@

1 files changed, 2 insertions, 5 deletions

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index d32176fe6e..6094c74265 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.51 2018/03/20 15:40:10 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.51.2.1 2018/04/18 16:29:11 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -189,10 +189,7 @@ tls_config_clear_keys(struct tls_config *config)
         struct tls_keypair *kp;
 
         for (kp = config->keypair; kp != NULL; kp = kp->next)
-                tls_keypair_clear(kp);
-
-        tls_config_set_ca_mem(config, NULL, 0);
-        tls_config_set_crl_mem(config, NULL, 0);
+                tls_keypair_clear_key(kp);
 }
 
 int