1 files changed, 8 insertions, 10 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
index 882bce8c1f..d961f98bef 100644
--- a/src/lib/libssl/tls13_client.c
+++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_client.c,v 1.90 2022/01/08 12:43:44 jsing Exp $ */
+/* $OpenBSD: tls13_client.c,v 1.91 2022/01/08 12:59:59 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -628,21 +628,19 @@ tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
        if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)
                goto err;
-        ssl_sess_cert_free(s->session->sess_cert);
+        sk_X509_pop_free(s->session->cert_chain, X509_free);
-        if ((s->session->sess_cert = ssl_sess_cert_new()) == NULL)
+        s->session->cert_chain = certs;
-                goto err;
-        s->session->sess_cert->cert_chain = certs;
        certs = NULL;
        X509_up_ref(cert);
-        s->session->sess_cert->peer_pkeys[cert_idx].x509 = cert;
+        X509_free(s->session->peer_pkeys[cert_idx].x509);
-        s->session->sess_cert->peer_key = &(s->session->sess_cert->peer_pkeys[cert_idx]);
+        s->session->peer_pkeys[cert_idx].x509 = cert;
+        s->session->peer_key = &s->session->peer_pkeys[cert_idx];
-        X509_free(s->session->peer);
        X509_up_ref(cert);
+        X509_free(s->session->peer);
        s->session->peer = cert;
        s->session->verify_result = s->verify_result;
        if (ctx->ocsp_status_recv_cb != NULL &&

diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 882bce8c1f..d961f98bef 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_client.c,v 1.90 2022/01/08 12:43:44 jsing Exp $ */	1	/* $OpenBSD: tls13_client.c,v 1.91 2022/01/08 12:59:59 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -628,21 +628,19 @@ tls13_server_certificate_recv(struct tls13_ctx ctx, CBS cbs)
628	if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)	628	if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)
629	goto err;	629	goto err;
630		630
631	ssl_sess_cert_free(s->session->sess_cert);	631	sk_X509_pop_free(s->session->cert_chain, X509_free);
632	if ((s->session->sess_cert = ssl_sess_cert_new()) == NULL)	632	s->session->cert_chain = certs;
633	goto err;
634
635	s->session->sess_cert->cert_chain = certs;
636	certs = NULL;	633	certs = NULL;
637		634
638	X509_up_ref(cert);	635	X509_up_ref(cert);
639	s->session->sess_cert->peer_pkeys[cert_idx].x509 = cert;	636	X509_free(s->session->peer_pkeys[cert_idx].x509);
640	s->session->sess_cert->peer_key = &(s->session->sess_cert->peer_pkeys[cert_idx]);	637	s->session->peer_pkeys[cert_idx].x509 = cert;
641		638	s->session->peer_key = &s->session->peer_pkeys[cert_idx];
642	X509_free(s->session->peer);
643		639
644	X509_up_ref(cert);	640	X509_up_ref(cert);
		641	X509_free(s->session->peer);
645	s->session->peer = cert;	642	s->session->peer = cert;
		643
646	s->session->verify_result = s->verify_result;	644	s->session->verify_result = s->verify_result;
647		645
648	if (ctx->ocsp_status_recv_cb != NULL &&	646	if (ctx->ocsp_status_recv_cb != NULL &&