From 337cddfd905681f8fc67b9e3fbecc033080ad30f Mon Sep 17 00:00:00 2001 From: Colton Willey Date: Wed, 14 Aug 2024 13:13:25 -0700 Subject: [PATCH] Rework implementation to use existing weOwnCert logic --- src/internal.c | 2 ++ src/ssl.c | 12 ++---------- src/ssl_load.c | 11 ----------- 3 files changed, 4 insertions(+), 21 deletions(-) diff --git a/src/internal.c b/src/internal.c index 5ae5382d34..58f8ddf449 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6816,6 +6816,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) return ret; } + ssl->buffers.weOwnCert = TRUE; ret = WOLFSSL_SUCCESS; } if (ctx->certChain != NULL) { @@ -6829,6 +6830,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) return ret; } + ssl->buffers.weOwnCertChain = TRUE; ret = WOLFSSL_SUCCESS; } #else diff --git a/src/ssl.c b/src/ssl.c index a0f377bb9b..2137035b6f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10806,11 +10806,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return BAD_FUNC_ARG; } - #ifdef WOLFSSL_COPY_CERT - /* If WOLFSSL_COPY_CERT defined, always free cert buffers in SSL obj */ - FreeDer(&ssl->buffers.certificate); - FreeDer(&ssl->buffers.certChain); - #endif if (ssl->buffers.weOwnCert && !ssl->keepCert) { WOLFSSL_MSG("Unloading cert"); FreeDer(&ssl->buffers.certificate); @@ -19554,11 +19549,6 @@ void wolfSSL_certs_clear(WOLFSSL* ssl) /* ctx still owns certificate, certChain, key, dh, and cm */ if (ssl->buffers.weOwnCert) FreeDer(&ssl->buffers.certificate); -#ifdef WOLFSSL_COPY_CERT - /* If WOLFSSL_COPY_CERT defined, always free cert buffers in SSL obj */ - FreeDer(&ssl->buffers.certificate); - FreeDer(&ssl->buffers.certChain); -#endif ssl->buffers.certificate = NULL; if (ssl->buffers.weOwnCertChain) FreeDer(&ssl->buffers.certChain); @@ -20174,6 +20164,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) return NULL; } + ssl->buffers.weOwnCert = TRUE; ret = WOLFSSL_SUCCESS; } if (ctx->certChain != NULL) { 
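Review bot: In SetSSL_CTX (src/internal.c, @@ -6816) the new `ssl->buffers.weOwnCert = TRUE;` becomes the only thing that makes the free paths release the WOLFSSL_COPY_CERT copy, because this commit deletes the unconditional FreeDer calls in src/ssl.c and src/ssl_load.c, and nothing in the hunk records that invariant. I would add a comment above the assignment such as `/* The copy made above belongs to this SSL object; weOwnCert is what lets the free paths release it. */`, and the same above `weOwnCertChain` in the following hunk (@@ -6829). The `#else` that ends that second hunk has its body outside the diff; if it stores the context's pointers, both flags must stay FALSE there, otherwise one session would free a buffer that other sessions still read. SetSSL_CTX starts and ends outside both hunks.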
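Review bot: wolfSSL_set_SSL_CTX (src/ssl.c, @@ -20174) can run on an SSL object that already holds a certificate, and the visible lines set `weOwnCert` after the copy without showing the previous buffer being released. If the code above the hunk does not already do so, each context switch would overwrite an owned pointer and leak the earlier copy; a guard before the copy such as `if (ssl->buffers.weOwnCert) FreeDer(&ssl->buffers.certificate);` would close that. The same applies to `certChain` and `weOwnCertChain` in the next hunk (@@ -20187). The function begins and ends outside both hunks, so this needs checking against the full source.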
@@ -20187,6 +20178,7 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) return NULL; } + ssl->buffers.weOwnCertChain = TRUE; ret = WOLFSSL_SUCCESS; } #else diff --git a/src/ssl_load.c b/src/ssl_load.c index ee11273bf3..da4279e39e 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -236,9 +236,6 @@ static int ProcessUserChainRetain(WOLFSSL_CTX* ctx, WOLFSSL* ssl, /* Store in SSL object if available. */ if (ssl != NULL) { /* Dispose of old chain if not reference to context's. */ - #ifdef WOLFSSL_COPY_CERT - FreeDer(&ssl->buffers.certChain); - #endif if (ssl->buffers.weOwnCertChain) { FreeDer(&ssl->buffers.certChain); } @@ -2082,10 +2079,6 @@ static int ProcessBufferCertHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl, /* Leaf certificate - our certificate. */ else if (type == CERT_TYPE) { if (ssl != NULL) { -#ifdef WOLFSSL_COPY_CERT - /* Always Free previously set if WOLFSSL_COPY_CERT defined */ - FreeDer(&ssl->buffers.certificate); -#endif /* Free previous certificate if we own it. */ if (ssl->buffers.weOwnCert) { FreeDer(&ssl->buffers.certificate); @@ -4567,10 +4560,6 @@ static int wolfssl_add_to_chain(DerBuffer** chain, int weOwn, const byte* cert, c32to24(certSz, newChain->buffer + len); XMEMCPY(newChain->buffer + len + CERT_HEADER_SZ, cert, certSz); -#ifdef WOLFSSL_COPY_CERT - FreeDer(chain); -#endif - /* Dispose of old chain if we own it. */ if (weOwn) { FreeDer(chain);