avoid GC untrack if we haven't yet GC tracked
diff --git a/src/crypto/pkcs12.c b/src/crypto/pkcs12.c
index 2f6f944..2302242 100644
--- a/src/crypto/pkcs12.c
+++ b/src/crypto/pkcs12.c
@@ -20,6 +20,7 @@
*/
static void crypto_PKCS12_dealloc(crypto_PKCS12Obj *self);
+static int crypto_PKCS12_clear(crypto_PKCS12Obj *self);
static char crypto_PKCS12_get_certificate_doc[] = "\n\
Return certificate portion of the PKCS12 structure\n\
@@ -414,7 +415,10 @@
error:
sk_X509_free(cacerts); /* NULL safe. Free just the container. */
- crypto_PKCS12_dealloc(self);
+ if (self) {
+ crypto_PKCS12_clear(self);
+ PyObject_GC_Del(self);
+ }
return NULL;
}
diff --git a/test/test_crypto.py b/test/test_crypto.py
index c98a844..9aedea8 100644
--- a/test/test_crypto.py
+++ b/test/test_crypto.py
@@ -1227,9 +1227,7 @@
passwd = 'Lake Michigan'
p12 = self.gen_pkcs12(server_cert_pem, server_key_pem, root_cert_pem)
dumped_p12 = p12.export(maciter=-1, passphrase=passwd, iter=2)
- # Unfortunately, we can't load the dumped PKCS12 back into memory
- # because PKCS12_parse doesn't work on such PKCS12 data.
- p12 = load_pkcs12(dumped_p12, passwd)
+ self.assertRaises(Error, load_pkcs12, dumped_p12, passwd)
def test_zero_len_list_for_ca(self):