Bug 1318561 - Free CA name list, r=ttaubert

Differential Revision: https://nss-review.dev.mozaws.net/D79 --HG-- extra : rebase_source : 84563286e99fada93eff0afb54f2a5809bad3754 extra : amend_source : e2de2650b3bf163671c4683e04a662132e69c1ea
sailfishos-mirror · Nov 23, 2016 · b11c016 · b11c016
1 parent b7545f4
commit b11c016
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 0 deletions.
diff --git a/gtests/common/scoped_ptrs.h b/gtests/common/scoped_ptrs.h
@@ -19,6 +19,9 @@ struct ScopedDelete {
   void operator()(CERTCertificateList* list) {
     CERT_DestroyCertificateList(list);
   }
+  void operator()(CERTCertList* list) {
+    CERT_DestroyCertList(list);
+  }
   void operator()(CERTSubjectPublicKeyInfo* spki) {
     SECKEY_DestroySubjectPublicKeyInfo(spki);
   }
@@ -44,6 +47,7 @@ struct ScopedMaybeDelete {
 
 SCOPED(CERTCertificate);
 SCOPED(CERTCertificateList);
+SCOPED(CERTCertList);
 SCOPED(CERTSubjectPublicKeyInfo);
 SCOPED(PK11SlotInfo);
 SCOPED(PK11SymKey);

diff --git a/gtests/ssl_gtest/tls_agent.cc b/gtests/ssl_gtest/tls_agent.cc
@@ -150,6 +150,10 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) {
     rv = SSL_SNISocketConfigHook(ssl_fd_, SniHook, this);
     EXPECT_EQ(SECSuccess, rv);
     if (rv != SECSuccess) return false;
+
+    ScopedCERTCertList anchors(CERT_NewCertList());
+    rv = SSL_SetTrustAnchors(ssl_fd_, anchors.get());
+    if (rv != SECSuccess) return false;
   } else {
     rv = SSL_SetURL(ssl_fd_, "server");
     EXPECT_EQ(SECSuccess, rv);

diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
@@ -13195,6 +13195,9 @@ ssl3_DestroySSL3Info(sslSocket *ss)
         CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
         ss->ssl3.clientCertChain = NULL;
     }
+    if (ss->ssl3.ca_list) {
+        CERT_FreeDistNames(ss->ssl3.ca_list);
+    }
 
     /* clean up handshake */
     if (ss->ssl3.hs.md5) {