if ((cert = SSL_get_peer_certificate(ssl))) {
sslconn->client_cert = cert;
sslconn->client_dn = NULL;
- X509_free(cert);
}
/*
* Verify the signature on this CRL
*/
pubkey = X509_get_pubkey(cert);
- if (X509_CRL_verify(crl, pubkey) <= 0) {
+ rc = X509_CRL_verify(crl, pubkey);
+#ifdef OPENSSL_VERSION_NUMBER
+ /* Only refcounted in OpenSSL */
+ if (pubkey)
+ EVP_PKEY_free(pubkey);
+#endif
+ if (rc <= 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Invalid signature on CRL");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
X509_OBJECT_free_contents(&obj);
- if (pubkey)
- EVP_PKEY_free(pubkey);
-
return FALSE;
}
- if (pubkey)
- EVP_PKEY_free(pubkey);
-
/*
* Check date of CRL to make sure it's not expired
*/