SSL_new() may potentially add a certfificate. Therefore, wen duplicating the certificate that is in the original SSL, remove the one that SSL_new() provided, if any. Spotted by: Mike Zeoli <zeoli@roguewave.com>
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c757ea8..24f314e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c
@@ -1718,6 +1718,10 @@ if (s->cert != NULL) { + if (ret->cert != NULL) + { + ssl_cert_free(ret->cert); + } ret->cert = ssl_cert_dup(s->cert); if (ret->cert == NULL) goto err;