# HG changeset patch
# User Igor Sysoev <igor@sysoev.ru>
# Date 1209372639 0
# Node ID c4d8867f016224857c51fa7db432940477659b5b
# Parent  3ca17d430c9a5cc058b400d10facdd635489b214
fix memory leak when ssl_verify_client is on

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -288,7 +288,7 @@ ngx_http_ssl_verify_callback(int ok, X50
     char              *subject, *issuer;
     int                err, depth;
     X509              *cert;
-    X509_NAME         *name;
+    X509_NAME         *sname, *iname;
     ngx_connection_t  *c;
     ngx_ssl_conn_t    *ssl_conn;
 
@@ -301,17 +301,25 @@ ngx_http_ssl_verify_callback(int ok, X50
     err = X509_STORE_CTX_get_error(x509_store);
     depth = X509_STORE_CTX_get_error_depth(x509_store);
 
-    name = X509_get_subject_name(cert);
-    subject = name ? X509_NAME_oneline(name, NULL, 0) : "(none)";
-
-    name = X509_get_issuer_name(cert);
-    issuer = name ? X509_NAME_oneline(name, NULL, 0) : "(none)";
+    sname = X509_get_subject_name(cert);
+    subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
+
+    iname = X509_get_issuer_name(cert);
+    issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
 
     ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
                    "verify:%d, error:%d, depth:%d, "
                    "subject:\"%s\",issuer: \"%s\"",
                    ok, err, depth, subject, issuer);
 
+    if (sname) {
+        OPENSSL_free(subject);
+    }
+
+    if (iname) {
+        OPENSSL_free(issuer);
+    }
+
     return 1;
 }