If keyUsage was only required to be present, but no specific value was
required, we would omit to free the extracted string. This happens as of
2.4.1, if --remote-cert-tls is used. In that case we leak a bit of
memory on each TLS (re)negotiation.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1494154878-18403-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14563.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
... | ... |
@@ -318,3 +318,12 @@ Version 2.4.1 |
318 | 318 |
``--remote-cert-tls`` uses the far more common keyUsage and extendedKeyUsage |
319 | 319 |
extension instead. Make sure your certificates carry these to be able to |
320 | 320 |
use ``--remote-cert-tls``. |
321 |
+ |
|
322 |
+ |
|
323 |
+Version 2.4.2 |
|
324 |
+============= |
|
325 |
+ |
|
326 |
+Bugfixes |
|
327 |
+-------- |
|
328 |
+- Fix memory leak introduced in 2.4.1: if --remote-cert-tls is used, we leaked |
|
329 |
+ some memory on each TLS (re)negotiation. |