Have the verify subroutines take a reference on the public key
diff --git a/lib/openssl.c b/lib/openssl.c
index 00e54b3..3221a7e 100644
--- a/lib/openssl.c
+++ b/lib/openssl.c
@@ -1311,6 +1311,7 @@
if (!ptls_mem_equal(expected_pubkey.base, certs[0].base, certs[0].len))
goto Exit;
+ EVP_PKEY_up_ref(self->expected_pubkey);
*verify_data = self->expected_pubkey;
*verifier = verify_sign;
ret = 0;
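Review bot: The result of `EVP_PKEY_up_ref(self->expected_pubkey)` is discarded, so if the reference cannot be taken the key is still handed out through `*verify_data` without the extra reference this commit relies on. `EVP_PKEY_up_ref` returns 1 on success, so the call could be `if (EVP_PKEY_up_ref(self->expected_pubkey) != 1) goto Exit;`, provided `ret` still holds an error code at that point (its initialisation is outside the hunk). If the verifier callback releases the key when it finishes, which the commit title suggests but the hunk does not show, a missed reference would free the pinned key while `self` still points at it. The same unchecked call is added in `ptls_openssl_raw_pubkey_init_verify_certificate` in the next hunk, which also returns 0 unconditionally and does not reject a NULL `expected_pubkey`.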
@@ -1321,6 +1322,7 @@
int ptls_openssl_raw_pubkey_init_verify_certificate(ptls_openssl_raw_pubkey_verify_certificate_t *self, EVP_PKEY *expected_pubkey)
{
+ EVP_PKEY_up_ref(expected_pubkey);
*self = (ptls_openssl_raw_pubkey_verify_certificate_t){{verify_raw_cert}, expected_pubkey};
return 0;
}
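Review bot: The ownership contract of `ptls_openssl_raw_pubkey_init_verify_certificate` changes here without being documented: the function now takes its own reference on `expected_pubkey` instead of borrowing or adopting the caller's. A comment at the declaration such as `/* takes a reference on expected_pubkey; the caller keeps its own and must still free it */` would make that explicit, since callers that previously handed the key over will now leak it unless they add a free, as the t/cli.c hunk does. The diff shows no matching release for the reference stored in `self`. It is worth confirming that the corresponding dispose path frees it, otherwise each initialised verifier leaks one key reference.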
diff --git a/t/cli.c b/t/cli.c
index 4f36122..b97c960 100644
--- a/t/cli.c
+++ b/t/cli.c
@@ -567,6 +567,7 @@
return 1;
}
setup_raw_pubkey_verify_certificate(&ctx, pubkey);
+ EVP_PKEY_free(pubkey);
}
ctx.use_raw_public_keys = 1;
} else {