1 files changed, 7 insertions, 2 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 5c80976..32d6470 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -561,45 +561,50 @@ void OpenSSLContext::sendPendingDataToApplication() {
         data.resize(SSL_READ_BUFFERSIZE);
         ret = SSL_read(handle_.get(), vecptr(data), data.size());
     }
     if (ret < 0 && SSL_get_error(handle_.get(), ret) != SSL_ERROR_WANT_READ) {
         state_ = State::Error;
         onError(std::make_shared<TLSError>(TLSError::UnknownError, openSSLInternalErrorToString()));
     }
 }
 
-bool OpenSSLContext::setCertificateChain(std::vector<std::unique_ptr<Certificate>>&& certificateChain) {
+bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certificate>>& certificateChain) {
     if (certificateChain.size() == 0) {
         SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
         return false;
     }
 
     // load endpoint certificate
     auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificateChain[0].get());
     if (!openSSLCert) {
         return false;
     }
 
     if (SSL_CTX_use_certificate(context_.get(), openSSLCert->getInternalX509().get()) != 1) {
         return false;
     }
 
+    // Increment reference count on certificate so that it does not get freed when the SSL context is destroyed
+    openSSLCert->incrementReferenceCount();
+
     if (certificateChain.size() > 1) {
         for (auto certificate = certificateChain.begin() + 1; certificate != certificateChain.end(); ++certificate) {
             auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificate->get());
             if (!openSSLCert) {
                 return false;
             }
+
             if (SSL_CTX_add_extra_chain_cert(context_.get(), openSSLCert->getInternalX509().get()) != 1) {
                 SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
                 return false;
             }
-            certificate->release();
+
+            openSSLCert->incrementReferenceCount();
         }
     }
 
     if (handle_) {
         // This workaround is needed as OpenSSL has a shortcut to not do anything
         // if you set the SSL_CTX to the existing SSL_CTX and not reloading the
         // certificates from the SSL_CTX.
         auto dummyContext = createSSL_CTX(mode_);
         SSL_set_SSL_CTX(handle_.get(), dummyContext.get());