From 9059b593fa5fd68624bb685dd770051e01a34bd5 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Sun, 24 Oct 2021 09:15:00 +0000
Subject: Don't leak internal->verfied_chain, clean it up in ssl3_clear and
 free.

spotted by and ok jsing@
---
 src/lib/libssl/s3_lib.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e78b70f0d8..8a96a2cdef 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.215 2021/09/08 12:56:14 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.216 2021/10/24 09:15:00 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1574,6 +1574,7 @@ ssl3_free(SSL *s)
 	tls13_clienthello_hash_clear(&S3I(s)->hs.tls13);
 
 	sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
+	sk_X509_pop_free(s->internal->verified_chain, X509_free);
 
 	tls1_transcript_free(s);
 	tls1_transcript_hash_free(s);
@@ -1595,6 +1596,8 @@ ssl3_clear(SSL *s)
 
 	tls1_cleanup_key_block(s);
 	sk_X509_NAME_pop_free(S3I(s)->hs.tls12.ca_names, X509_NAME_free);
+	sk_X509_pop_free(s->internal->verified_chain, X509_free);
+	s->internal->verified_chain = NULL;
 
 	DH_free(S3I(s)->tmp.dh);
 	S3I(s)->tmp.dh = NULL;
-- 
cgit v1.2.3-55-g6feb