1 files changed, 6 insertions, 7 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 32d6470..d9560de 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -579,13 +579,11 @@ bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certi
        return false;
    }
+    // This increments the reference count on the X509 certificate automatically
    if (SSL_CTX_use_certificate(context_.get(), openSSLCert->getInternalX509().get()) != 1) {
        return false;
    }
-    // Increment reference count on certificate so that it does not get freed when the SSL context is destroyed
-    openSSLCert->incrementReferenceCount();
    if (certificateChain.size() > 1) {
        for (auto certificate = certificateChain.begin() + 1; certificate != certificateChain.end(); ++certificate) {
            auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificate->get());
@@ -597,7 +595,7 @@ bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certi
                SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
                return false;
            }
+            // Have to manually increment reference count as SSL_CTX_add_extra_chain_cert does not do so
            openSSLCert->incrementReferenceCount();
        }
    }
@@ -644,16 +642,17 @@ bool OpenSSLContext::setPrivateKey(const PrivateKey::ref& privateKey) {
        safePassword.push_back(0);
        password = safePassword.data();
    }
-    auto resultKey = PEM_read_bio_PrivateKey(bio.get(), nullptr, empty_or_preset_password_cb, password);
+    // Make sure resultKey is tidied up by wrapping it in a shared_ptr
+    auto resultKey = std::shared_ptr<EVP_PKEY>(PEM_read_bio_PrivateKey(bio.get(), nullptr, empty_or_preset_password_cb, password), EVP_PKEY_free);
    if (resultKey) {
        if (handle_) {
-            auto result = SSL_use_PrivateKey(handle_.get(), resultKey);;
+            auto result = SSL_use_PrivateKey(handle_.get(), resultKey.get());
            if (result != 1) {
                return false;
            }
        }
        else {
-            auto result = SSL_CTX_use_PrivateKey(context_.get(), resultKey);
+            auto result = SSL_CTX_use_PrivateKey(context_.get(), resultKey.get());
            if (result != 1) {
                return false;
            }

diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp index 32d6470..d9560de 100644 --- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp +++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -579,13 +579,11 @@ bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certi
579	return false;	579	return false;
580	}	580	}
581		581
		582	// This increments the reference count on the X509 certificate automatically
582	if (SSL_CTX_use_certificate(context_.get(), openSSLCert->getInternalX509().get()) != 1) {	583	if (SSL_CTX_use_certificate(context_.get(), openSSLCert->getInternalX509().get()) != 1) {
583	return false;	584	return false;
584	}	585	}
585		586
586	// Increment reference count on certificate so that it does not get freed when the SSL context is destroyed
587	openSSLCert->incrementReferenceCount();
588
589	if (certificateChain.size() > 1) {	587	if (certificateChain.size() > 1) {
590	for (auto certificate = certificateChain.begin() + 1; certificate != certificateChain.end(); ++certificate) {	588	for (auto certificate = certificateChain.begin() + 1; certificate != certificateChain.end(); ++certificate) {
591	auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificate->get());	589	auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificate->get());
@@ -597,7 +595,7 @@ bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certi
597	SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;	595	SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
598	return false;	596	return false;
599	}	597	}
600		598	// Have to manually increment reference count as SSL_CTX_add_extra_chain_cert does not do so
601	openSSLCert->incrementReferenceCount();	599	openSSLCert->incrementReferenceCount();
602	}	600	}
603	}	601	}
@@ -644,16 +642,17 @@ bool OpenSSLContext::setPrivateKey(const PrivateKey::ref& privateKey) {
644	safePassword.push_back(0);	642	safePassword.push_back(0);
645	password = safePassword.data();	643	password = safePassword.data();
646	}	644	}
647	auto resultKey = PEM_read_bio_PrivateKey(bio.get(), nullptr, empty_or_preset_password_cb, password);	645	// Make sure resultKey is tidied up by wrapping it in a shared_ptr
		646	auto resultKey = std::shared_ptr<EVP_PKEY>(PEM_read_bio_PrivateKey(bio.get(), nullptr, empty_or_preset_password_cb, password), EVP_PKEY_free);
648	if (resultKey) {	647	if (resultKey) {
649	if (handle_) {	648	if (handle_) {
650	auto result = SSL_use_PrivateKey(handle_.get(), resultKey);;	649	auto result = SSL_use_PrivateKey(handle_.get(), resultKey.get());
651	if (result != 1) {	650	if (result != 1) {
652	return false;	651	return false;
653	}	652	}
654	}	653	}
655	else {	654	else {
656	auto result = SSL_CTX_use_PrivateKey(context_.get(), resultKey);	655	auto result = SSL_CTX_use_PrivateKey(context_.get(), resultKey.get());
657	if (result != 1) {	656	if (result != 1) {
658	return false;	657	return false;
659	}	658	}