Rework implementation to use existing weOwnCert logic

wolfSSL · Aug 14, 2024 · 337cddf · 337cddf
1 parent f4decf8
commit 337cddf
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 21 deletions.
diff --git a/src/internal.c b/src/internal.c
@@ -6816,6 +6816,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
             return ret;
         }
 
+        ssl->buffers.weOwnCert = TRUE;
         ret = WOLFSSL_SUCCESS;
     }
     if (ctx->certChain != NULL) {
@@ -6829,6 +6830,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
             return ret;
         }
 
+        ssl->buffers.weOwnCertChain = TRUE;
         ret = WOLFSSL_SUCCESS;
     }
 #else

diff --git a/src/ssl.c b/src/ssl.c
@@ -10806,11 +10806,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             return BAD_FUNC_ARG;
         }
 
-    #ifdef WOLFSSL_COPY_CERT
-        /* If WOLFSSL_COPY_CERT defined, always free cert buffers in SSL obj */
-        FreeDer(&ssl->buffers.certificate);
-        FreeDer(&ssl->buffers.certChain);
-    #endif
         if (ssl->buffers.weOwnCert && !ssl->keepCert) {
             WOLFSSL_MSG("Unloading cert");
             FreeDer(&ssl->buffers.certificate);
@@ -19554,11 +19549,6 @@ void wolfSSL_certs_clear(WOLFSSL* ssl)
     /* ctx still owns certificate, certChain, key, dh, and cm */
     if (ssl->buffers.weOwnCert)
         FreeDer(&ssl->buffers.certificate);
-#ifdef WOLFSSL_COPY_CERT
-    /* If WOLFSSL_COPY_CERT defined, always free cert buffers in SSL obj */
-    FreeDer(&ssl->buffers.certificate);
-    FreeDer(&ssl->buffers.certChain);
-#endif
     ssl->buffers.certificate = NULL;
     if (ssl->buffers.weOwnCertChain)
         FreeDer(&ssl->buffers.certChain);
@@ -20174,6 +20164,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
             return NULL;
         }
 
+        ssl->buffers.weOwnCert = TRUE;
         ret = WOLFSSL_SUCCESS;
     }
     if (ctx->certChain != NULL) {
@@ -20187,6 +20178,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
             return NULL;
         }
 
+        ssl->buffers.weOwnCertChain = TRUE;
         ret = WOLFSSL_SUCCESS;
     }
 #else

diff --git a/src/ssl_load.c b/src/ssl_load.c
@@ -236,9 +236,6 @@ static int ProcessUserChainRetain(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     /* Store in SSL object if available. */
     if (ssl != NULL) {
         /* Dispose of old chain if not reference to context's. */
-    #ifdef WOLFSSL_COPY_CERT
-        FreeDer(&ssl->buffers.certChain);
-    #endif
         if (ssl->buffers.weOwnCertChain) {
             FreeDer(&ssl->buffers.certChain);
         }
@@ -2082,10 +2079,6 @@ static int ProcessBufferCertHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
     /* Leaf certificate - our certificate. */
     else if (type == CERT_TYPE) {
         if (ssl != NULL) {
-#ifdef WOLFSSL_COPY_CERT
-            /* Always Free previously set if WOLFSSL_COPY_CERT defined */
-            FreeDer(&ssl->buffers.certificate);
-#endif
             /* Free previous certificate if we own it. */
             if (ssl->buffers.weOwnCert) {
                 FreeDer(&ssl->buffers.certificate);
@@ -4567,10 +4560,6 @@ static int wolfssl_add_to_chain(DerBuffer** chain, int weOwn, const byte* cert,
         c32to24(certSz, newChain->buffer + len);
         XMEMCPY(newChain->buffer + len + CERT_HEADER_SZ, cert, certSz);
 
-#ifdef WOLFSSL_COPY_CERT
-        FreeDer(chain);
-#endif
-
         /* Dispose of old chain if we own it. */
         if (weOwn) {
             FreeDer(chain);