From 2d1daa8095023dde8738ed4d8b62bc5ad436a8bb Mon Sep 17 00:00:00 2001
From: Remi Tricot-Le Breton
Date: Mon, 9 Jan 2023 12:02:47 +0100
Subject: [PATCH] BUG/MINOR: ssl: Fix OCSP_CERTID leak when same certificate is used multiple times

If a given certificate is used multiple times in a configuration, the ocsp_cid field would have been overwritten during each ssl_sock_load_ocsp call even if it was previously filled. This patch does not need to be backported.
---
 src/ssl_sock.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index efa31eaff..18d006feb 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1150,7 +1150,8 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, struct ckch_data *data, STACK_OF(X50
 if (!issuer)
 goto out;
- data->ocsp_cid = OCSP_cert_to_id(0, x, issuer);
+ if (!data->ocsp_cid)
+ data->ocsp_cid = OCSP_cert_to_id(0, x, issuer);
 if (!data->ocsp_cid)
 goto out;
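Review bot: The new `if (!data->ocsp_cid)` guard reuses whatever OCSP_CERTID an earlier call stored, on the assumption that it was built from the same `x` and `issuer` pair, and nothing in the hunk states or checks that. `issuer` is resolved before these lines, outside the hunk, and the function also takes a separate chain argument, so if the issuer can differ between calls for one `ckch_data`, the cached id would presumably name the wrong certificate/issuer pair when OCSP responses are matched; this is worth confirming. I would record the invariant at the guard, e.g. `/* ckch_data can be shared by several uses of the same certificate: keep the OCSP_CERTID from the first load rather than overwrite (and leak) it */`. The guard also relies on every path that frees `data->ocsp_cid` resetting it to NULL, which cannot be checked here because the body of ssl_sock_load_ocsp starts and ends outside the hunk.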