1 files changed, 8 insertions, 10 deletions
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
index 4edf3881c2..e31ae38076 100644
--- a/src/lib/libssl/tls13_server.c
+++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_server.c,v 1.92 2022/01/08 12:43:45 jsing Exp $ */
+/* $OpenBSD: tls13_server.c,v 1.93 2022/01/08 12:59:59 jsing Exp $ */
 /*
 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -921,21 +921,19 @@ tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
        if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)
                goto err;
-        ssl_sess_cert_free(s->session->sess_cert);
+        sk_X509_pop_free(s->session->cert_chain, X509_free);
-        if ((s->session->sess_cert = ssl_sess_cert_new()) == NULL)
+        s->session->cert_chain = certs;
-                goto err;
-        s->session->sess_cert->cert_chain = certs;
        certs = NULL;
        X509_up_ref(cert);
-        s->session->sess_cert->peer_pkeys[cert_idx].x509 = cert;
+        X509_free(s->session->peer_pkeys[cert_idx].x509);
-        s->session->sess_cert->peer_key = &(s->session->sess_cert->peer_pkeys[cert_idx]);
+        s->session->peer_pkeys[cert_idx].x509 = cert;
+        s->session->peer_key = &s->session->peer_pkeys[cert_idx];
-        X509_free(s->session->peer);
        X509_up_ref(cert);
+        X509_free(s->session->peer);
        s->session->peer = cert;
        s->session->verify_result = s->verify_result;
        ctx->handshake_stage.hs_type |= WITH_CCV;

diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c index 4edf3881c2..e31ae38076 100644 --- a/src/lib/libssl/tls13_server.c +++ b/src/lib/libssl/tls13_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_server.c,v 1.92 2022/01/08 12:43:45 jsing Exp $ */	1	/* $OpenBSD: tls13_server.c,v 1.93 2022/01/08 12:59:59 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
@@ -921,21 +921,19 @@ tls13_client_certificate_recv(struct tls13_ctx ctx, CBS cbs)
921	if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)	921	if ((cert_idx = ssl_cert_type(cert, pkey)) < 0)
922	goto err;	922	goto err;
923		923
924	ssl_sess_cert_free(s->session->sess_cert);	924	sk_X509_pop_free(s->session->cert_chain, X509_free);
925	if ((s->session->sess_cert = ssl_sess_cert_new()) == NULL)	925	s->session->cert_chain = certs;
926	goto err;
927
928	s->session->sess_cert->cert_chain = certs;
929	certs = NULL;	926	certs = NULL;
930		927
931	X509_up_ref(cert);	928	X509_up_ref(cert);
932	s->session->sess_cert->peer_pkeys[cert_idx].x509 = cert;	929	X509_free(s->session->peer_pkeys[cert_idx].x509);
933	s->session->sess_cert->peer_key = &(s->session->sess_cert->peer_pkeys[cert_idx]);	930	s->session->peer_pkeys[cert_idx].x509 = cert;
934		931	s->session->peer_key = &s->session->peer_pkeys[cert_idx];
935	X509_free(s->session->peer);
936		932
937	X509_up_ref(cert);	933	X509_up_ref(cert);
		934	X509_free(s->session->peer);
938	s->session->peer = cert;	935	s->session->peer = cert;
		936
939	s->session->verify_result = s->verify_result;	937	s->session->verify_result = s->verify_result;
940		938
941	ctx->handshake_stage.hs_type \|= WITH_CCV;	939	ctx->handshake_stage.hs_type \|= WITH_CCV;