Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix GnuTLS PIN cache leak when only *key* is PKCS#11 and not certific…
…ate.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
  • Loading branch information
David Woodhouse authored and David Woodhouse committed Jun 13, 2012
1 parent 88d01c9 commit 9ce7f67
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion gnutls.c
Expand Up @@ -1454,7 +1454,8 @@ void openconnect_close_https(struct openconnect_info *vpninfo, int final)
gnutls_certificate_free_credentials(vpninfo->https_cred);
vpninfo->https_cred = NULL;
#ifdef HAVE_P11KIT
if (!strncmp(vpninfo->cert, "pkcs11:", 7)) {
if (!strncmp(vpninfo->cert, "pkcs11:", 7) ||
!strncmp(vpninfo->sslkey, "pkcs11:", 7)) {
char pin_source[40];

sprintf(pin_source, "openconnect:%p", vpninfo);
Expand Down

0 comments on commit 9ce7f67

Please sign in to comment.