1 files changed, 15 insertions, 10 deletions

diff --git a/src/lib/libtls/tls_conninfo.c b/src/lib/libtls/tls_conninfo.c
index 86fca2337d..48bb89fe63 100644
--- a/src/lib/libtls/tls_conninfo.c
+++ b/src/lib/libtls/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.3 2015/09/28 15:18:08 jsing Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.4 2015/10/07 23:25:45 beck Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -121,7 +121,7 @@ tls_get_peer_cert_subject(struct tls *ctx, char **subject)
 
 int
 tls_get_conninfo(struct tls *ctx) {
-        int rv = -1;
+        const char * tmp;
         if (ctx->ssl_peer_cert != NULL) {
                 if (tls_get_peer_cert_hash(ctx, &ctx->conninfo->hash) == -1)
                         goto err;
@@ -130,16 +130,21 @@ tls_get_conninfo(struct tls *ctx) {
                         goto err;
                 if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)
                         goto err;
-                ctx->conninfo->version = strdup(SSL_get_version(ctx->ssl_conn));
-                if (ctx->conninfo->version == NULL)
-                        goto err;
-                ctx->conninfo->cipher = strdup(SSL_get_cipher(ctx->ssl_conn));
-                if (ctx->conninfo->cipher == NULL)
-                        goto err;
         }
-        rv = 0;
+        if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL)
+                goto err;
+        ctx->conninfo->version = strdup(tmp);
+        if (ctx->conninfo->version == NULL)
+                goto err;
+        if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL)
+                goto err;
+        ctx->conninfo->cipher = strdup(tmp);
+        if (ctx->conninfo->cipher == NULL)
+                goto err;
+        return (0);
 err:
-        return (rv);
+        tls_free_conninfo(ctx->conninfo);
+        return (-1);
 }
 
 void