From e3a5f84e53b407bf06e38922bc5f24379d759086 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 11 Aug 2020 11:18:46 +0200
Subject: [PATCH] BUG/MINOR: ssl: double free w/ smp_fetch_ssl_x_chain_der()

smp_fetch_ssl_x_chain_der() uses the SSL_get_peer_cert_chain() which
does not increment the refcount of the chain, so it should not be free'd.

The bug was introduced by a598b50 ("MINOR: ssl: add ssl_{c,s}_chain_der
fetch methods"). No backport needed.
---
 src/ssl_sample.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/ssl_sample.c b/src/ssl_sample.c
index a21ae3397..0f5936553 100644
--- a/src/ssl_sample.c
+++ b/src/ssl_sample.c
@@ -198,8 +198,6 @@ smp_fetch_ssl_x_chain_der(const struct arg *args, struct sample *smp, const char
 out:
 	if (tmp_trash)
 		free_trash_chunk(tmp_trash);
-	if (certs)
-		sk_X509_pop_free(certs, X509_free);
 	return ret;
 }