1 files changed, 8 insertions, 8 deletions
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c
index 3b06f01eba..83585fac05 100644
--- a/src/lib/libtls/tls_ocsp.c
+++ b/src/lib/libtls/tls_ocsp.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls_ocsp.c,v 1.21 2021/10/21 14:57:55 tb Exp $ */
+/*      $OpenBSD: tls_ocsp.c,v 1.22 2021/10/31 16:39:32 tb Exp $ */
 /*
 * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
 * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
@@ -129,7 +129,7 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs,
        X509_NAME *issuer_name;
        X509 *issuer;
        X509_STORE_CTX *storectx = NULL;
-        X509_OBJECT tmpobj;
+        X509_OBJECT *obj = NULL;
        OCSP_CERTID *cid = NULL;
        X509_STORE *store;
@@ -150,15 +150,15 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs,
                goto out;
        if (X509_STORE_CTX_init(storectx, store, main_cert, extra_certs) != 1)
                goto out;
-        if (X509_STORE_get_by_subject(storectx, X509_LU_X509, issuer_name,
+        if ((obj = X509_STORE_CTX_get_obj_by_subject(storectx, X509_LU_X509,
-            &tmpobj) == 1) {
+            issuer_name)) == NULL)
-                cid = OCSP_cert_to_id(NULL, main_cert,
+                goto out;
-                    X509_OBJECT_get0_X509(&tmpobj));
-                X509_OBJECT_free_contents(&tmpobj);
+        cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(obj));
-        }
 out:
        X509_STORE_CTX_free(storectx);
+        X509_OBJECT_free(obj);
        return cid;
 }

diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c index 3b06f01eba..83585fac05 100644 --- a/src/lib/libtls/tls_ocsp.c +++ b/src/lib/libtls/tls_ocsp.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_ocsp.c,v 1.21 2021/10/21 14:57:55 tb Exp $ */	1	/* $OpenBSD: tls_ocsp.c,v 1.22 2021/10/31 16:39:32 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Marko Kreen <markokr@gmail.com>	3	* Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
4	* Copyright (c) 2016 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2016 Bob Beck <beck@openbsd.org>
@@ -129,7 +129,7 @@ tls_ocsp_get_certid(X509 main_cert, STACK_OF(X509) extra_certs,
129	X509_NAME *issuer_name;	129	X509_NAME *issuer_name;
130	X509 *issuer;	130	X509 *issuer;
131	X509_STORE_CTX *storectx = NULL;	131	X509_STORE_CTX *storectx = NULL;
132	X509_OBJECT tmpobj;	132	X509_OBJECT *obj = NULL;
133	OCSP_CERTID *cid = NULL;	133	OCSP_CERTID *cid = NULL;
134	X509_STORE *store;	134	X509_STORE *store;
135		135
@@ -150,15 +150,15 @@ tls_ocsp_get_certid(X509 main_cert, STACK_OF(X509) extra_certs,
150	goto out;	150	goto out;
151	if (X509_STORE_CTX_init(storectx, store, main_cert, extra_certs) != 1)	151	if (X509_STORE_CTX_init(storectx, store, main_cert, extra_certs) != 1)
152	goto out;	152	goto out;
153	if (X509_STORE_get_by_subject(storectx, X509_LU_X509, issuer_name,	153	if ((obj = X509_STORE_CTX_get_obj_by_subject(storectx, X509_LU_X509,
154	&tmpobj) == 1) {	154	issuer_name)) == NULL)
155	cid = OCSP_cert_to_id(NULL, main_cert,	155	goto out;
156	X509_OBJECT_get0_X509(&tmpobj));	156
157	X509_OBJECT_free_contents(&tmpobj);	157	cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(obj));
158	}
159		158
160	out:	159	out:
161	X509_STORE_CTX_free(storectx);	160	X509_STORE_CTX_free(storectx);
		161	X509_OBJECT_free(obj);
162		162
163	return cid;	163	return cid;
164	}	164	}