commit 0ce98070e2184adc7e535cf97f68d0efce2b394a
author Jean-Paul Calderone <exarkun@boson> Mon Feb 18 23:22:29 2008 -0500
committer Jean-Paul Calderone <exarkun@boson> Mon Feb 18 23:22:29 2008 -0500
tree f98ed8d817c867b08b8c3c19770c15ffaad25a9d
parent 1a3575f8b4f27a875a56b2327a3e5a6b460aa1b8

duplicate the underlying X509 object - SSL_CTX_add_extra_chain_cert steals the reference

src/ssl/context.c

diff --git a/src/ssl/context.c b/src/ssl/context.c
index a8a63df..e88b004 100644
--- a/src/ssl/context.c
+++ b/src/ssl/context.c
@@ -310,14 +310,22 @@
 static PyObject *
 ssl_Context_add_extra_chain_cert(ssl_ContextObj *self, PyObject *args)
 {
+    X509* cert_original;
     crypto_X509Obj *cert = parse_certificate_argument(
         "O:add_extra_chain_cert", "O!:add_extra_chain_cert", args);
-    if (cert == NULL) {
+    if (cert == NULL)
+    {
         return NULL;
     }
-
-    if (!SSL_CTX_add_extra_chain_cert(self->ctx, cert->x509))
+    if (!(cert_original = X509_dup(cert->x509)))
     {
+        /* exception_from_error_queue(); */
+        PyErr_SetString(PyExc_RuntimeError, "X509_dup failed");
+        return NULL;
+    }
+    if (!SSL_CTX_add_extra_chain_cert(self->ctx, cert_original))
+    {
+        X509_free(cert_original);
         exception_from_error_queue();
         return NULL;
     }