Diffstat (limited to 'Swiften/TLS/OpenSSL')
| -rw-r--r-- | Swiften/TLS/OpenSSL/OpenSSLContext.cpp | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 32d6470..d9560de 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -573,37 +573,35 @@ bool OpenSSLContext::setCertificateChain(const std::vector<std::shared_ptr<Certi
 return false;
 }
 // load endpoint certificate
 auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificateChain[0].get());
 if (!openSSLCert) {
 return false;
 }
+ // This increments the reference count on the X509 certificate automatically
 if (SSL_CTX_use_certificate(context_.get(), openSSLCert->getInternalX509().get()) != 1) {
 return false;
 }
- // Increment reference count on certificate so that it does not get freed when the SSL context is destroyed
- openSSLCert->incrementReferenceCount();
-
 if (certificateChain.size() > 1) {
 for (auto certificate = certificateChain.begin() + 1; certificate != certificateChain.end(); ++certificate) {
 auto openSSLCert = dynamic_cast<OpenSSLCertificate*>(certificate->get());
 if (!openSSLCert) {
 return false;
 }
 if (SSL_CTX_add_extra_chain_cert(context_.get(), openSSLCert->getInternalX509().get()) != 1) {
 SWIFT_LOG(warning) << "Trying to load empty certificate chain." << std::endl;
 return false;
 }
-
+ // Have to manually increment reference count as SSL_CTX_add_extra_chain_cert does not do so
 openSSLCert->incrementReferenceCount();
 }
 }
 if (handle_) {
 // This workaround is needed as OpenSSL has a shortcut to not do anything
 // if you set the SSL_CTX to the existing SSL_CTX and not reloading the
 // certificates from the SSL_CTX.
 auto dummyContext = createSSL_CTX(mode_);
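Review bot: The loop-local `openSSLCert` shadows the endpoint-certificate variable of the same name declared above it, so the retained `openSSLCert->incrementReferenceCount();` reads as if it could apply to the endpoint certificate, whose manual increment this commit removes. Now that the two calls follow opposite ownership rules, a distinct name keeps the reference counting auditable: `auto chainCert = dynamic_cast<OpenSSLCertificate*>(certificate->get());` and `chainCert->incrementReferenceCount();`. The comment on the increment could also say that the context frees its extra chain certificates when it is destroyed, which is why the additional reference is needed. setCertificateChain starts and ends outside this hunk.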
@@ -638,28 +636,29 @@ bool OpenSSLContext::setPrivateKey(const PrivateKey::ref& privateKey) {
 BIO_write(bio.get(), vecptr(privateKey->getData()), int(privateKey->getData().size()));
 SafeByteArray safePassword;
 void* password = nullptr;
 if (privateKey->getPassword()) {
 safePassword = privateKey->getPassword().get();
 safePassword.push_back(0);
 password = safePassword.data();
 }
- auto resultKey = PEM_read_bio_PrivateKey(bio.get(), nullptr, empty_or_preset_password_cb, password);
+ // Make sure resultKey is tidied up by wrapping it in a shared_ptr
+ auto resultKey = std::shared_ptr<EVP_PKEY>(PEM_read_bio_PrivateKey(bio.get(), nullptr, empty_or_preset_password_cb, password), EVP_PKEY_free);
 if (resultKey) {
 if (handle_) {
- auto result = SSL_use_PrivateKey(handle_.get(), resultKey);;
+ auto result = SSL_use_PrivateKey(handle_.get(), resultKey.get());
 if (result != 1) {
 return false;
 }
 }
 else {
- auto result = SSL_CTX_use_PrivateKey(context_.get(), resultKey);
+ auto result = SSL_CTX_use_PrivateKey(context_.get(), resultKey.get());
 if (result != 1) {
 return false;
 }
 }
 }
 else {
 return false;
 }
 return true; |
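Review bot: `resultKey` has exactly one owner for the rest of the function, so `std::shared_ptr` overstates the ownership; `std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)> resultKey(PEM_read_bio_PrivateKey(bio.get(), nullptr, empty_or_preset_password_cb, password), EVP_PKEY_free);` says the same thing without a control-block allocation. The new comment should also record why freeing the key here is safe, for example `// SSL_use_PrivateKey / SSL_CTX_use_PrivateKey take their own reference, so ours is released at scope exit`. The `return false` paths leave whatever PEM_read_bio_PrivateKey or the use-key call pushed onto the OpenSSL error queue; if nothing later clears it, calling `ERR_clear_error();` before returning would keep stale entries from confusing later error checks. The start of setPrivateKey lies outside this hunk.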