From b11c016b200896984807fb0d2f176706405992b9 Mon Sep 17 00:00:00 2001
From: Martin Thomson
Date: Wed, 23 Nov 2016 14:12:46 +1100
Subject: [PATCH] Bug 1318561 - Free CA name list, r=ttaubert
Differential Revision: https://nss-review.dev.mozaws.net/D79
--HG--
extra : rebase_source : 84563286e99fada93eff0afb54f2a5809bad3754
extra : amend_source : e2de2650b3bf163671c4683e04a662132e69c1ea
---
 gtests/common/scoped_ptrs.h | 4 ++++
 gtests/ssl_gtest/tls_agent.cc | 4 ++++
 lib/ssl/ssl3con.c | 3 +++
 3 files changed, 11 insertions(+)
diff --git a/gtests/common/scoped_ptrs.h b/gtests/common/scoped_ptrs.h
index dd609feb66..9a93e78c31 100644
--- a/gtests/common/scoped_ptrs.h
+++ b/gtests/common/scoped_ptrs.h
@@ -19,6 +19,9 @@ struct ScopedDelete {
 void operator()(CERTCertificateList* list) {
 CERT_DestroyCertificateList(list);
 }
+ void operator()(CERTCertList* list) {
+ CERT_DestroyCertList(list);
+ }
 void operator()(CERTSubjectPublicKeyInfo* spki) {
 SECKEY_DestroySubjectPublicKeyInfo(spki);
 }
@@ -44,6 +47,7 @@ struct ScopedMaybeDelete {
 SCOPED(CERTCertificate);
 SCOPED(CERTCertificateList);
+SCOPED(CERTCertList);
 SCOPED(CERTSubjectPublicKeyInfo);
 SCOPED(PK11SlotInfo);
 SCOPED(PK11SymKey);
diff --git a/gtests/ssl_gtest/tls_agent.cc b/gtests/ssl_gtest/tls_agent.cc
index 703e211ab4..4ba2ad24bd 100644
--- a/gtests/ssl_gtest/tls_agent.cc
+++ b/gtests/ssl_gtest/tls_agent.cc
@@ -150,6 +150,10 @@ bool TlsAgent::EnsureTlsSetup(PRFileDesc* modelSocket) {
 rv = SSL_SNISocketConfigHook(ssl_fd_, SniHook, this);
 EXPECT_EQ(SECSuccess, rv);
 if (rv != SECSuccess) return false;
+
+ ScopedCERTCertList anchors(CERT_NewCertList());
+ rv = SSL_SetTrustAnchors(ssl_fd_, anchors.get());
+ if (rv != SECSuccess) return false;
 } else {
 rv = SSL_SetURL(ssl_fd_, "server");
 EXPECT_EQ(SECSuccess, rv);
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 1001fb1652..b334607a40 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
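Review bot: In the tls_agent.cc hunk (TlsAgent::EnsureTlsSetup), the result of `SSL_SetTrustAnchors` is tested without the `EXPECT_EQ(SECSuccess, rv);` that every neighbouring call in the hunk has, so a failure here would make the setup return false without gtest recording which call failed; add `EXPECT_EQ(SECSuccess, rv);` before the `if`. The return value of `CERT_NewCertList()` is also handed on unchecked, and an `EXPECT_TRUE(!!anchors); if (!anchors) return false;` ahead of the call would separate an allocation failure from a library error. A short comment such as `// Install an empty trust anchor list so the CA name list is allocated and its cleanup is exercised.` would explain why a server agent sets anchors at all; that purpose is inferred from the commit subject, so the author should confirm it. The function body starts and ends outside the hunk.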
@@ -13195,6 +13195,9 @@ ssl3_DestroySSL3Info(sslSocket *ss)
 CERT_DestroyCertificateList(ss->ssl3.clientCertChain);
 ss->ssl3.clientCertChain = NULL;
 }
+ if (ss->ssl3.ca_list) {
+ CERT_FreeDistNames(ss->ssl3.ca_list);
+ }
 /* clean up handshake */
 if (ss->ssl3.hs.md5) {
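Review bot: The new block in ssl3_DestroySSL3Info frees `ss->ssl3.ca_list` but leaves the pointer set, whereas the clientCertChain cleanup directly above clears its field after destroying the list. If this function can run more than once on the same socket, or the field is read after teardown (neither is visible in this hunk), the stale pointer turns into a double free or a use-after-free. Adding `ss->ssl3.ca_list = NULL;` after the `CERT_FreeDistNames` call makes the cleanup idempotent and matches the surrounding style. The function body continues outside the hunk.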