diff --git a/sys/include/libsec.h b/sys/include/libsec.h index 63fa341c5..e46fb3a7c 100644 --- a/sys/include/libsec.h +++ b/sys/include/libsec.h @@ -446,6 +446,7 @@ int okThumbprint(uchar *sha1, Thumbprint *ok); /* readcert.c */ uchar *readcert(char *filename, int *pcertlen); PEMChain*readcertchain(char *filename); +void freecertchain(PEMChain *chain); /* password-based key derivation function 2 (rfc2898) */ void pbkdf2_x(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen, diff --git a/sys/man/2/pushtls b/sys/man/2/pushtls index d9de3717c..f81696870 100644 --- a/sys/man/2/pushtls +++ b/sys/man/2/pushtls @@ -1,6 +1,6 @@ .TH PUSHTLS 2 .SH NAME -pushtls, tlsClient, tlsServer, initThumbprints, freeThumbprints, okThumbprint, readcert, readcertchain \- attach TLS1 or SSL3 encryption to a communication channel +pushtls, tlsClient, tlsServer, initThumbprints, freeThumbprints, freecertchain, okThumbprint, readcert, readcertchain \- attach TLS1 or SSL3 encryption to a communication channel .SH SYNOPSIS .B #include .br @@ -26,7 +26,10 @@ int tlsServer(int fd, TLSconn *conn) uchar *readcert(char *filename, int *pcertlen) .PP .B -PEMchain *readcertchain(char *filename) +PEMChain *readcertchain(char *filename) +.PP +.B +void freecertchain(PEMChain *); .PP .B Thumbprint *initThumbprints(char *ok, char *crl) @@ -198,6 +201,10 @@ the server can present extra certificate evidence to establish the chain of trust to a root authority known to the client. .PP +.I Freecertchain +frees the certificate chain previously allocated by +.IR readcertchain . +.PP .I Conn is not required for the ongoing conversation and may be freed by the application whenever convenient. diff --git a/sys/src/libsec/port/readcert.c b/sys/src/libsec/port/readcert.c index 6fdb456ea..f654e71f7 100644 --- a/sys/src/libsec/port/readcert.c +++ b/sys/src/libsec/port/readcert.c 
@@ -64,3 +64,15 @@ readcertchain(char *filename)
 return decodepemchain(chfile, "CERTIFICATE");
 }
+void
+freecertchain(PEMChain *chain)
+{
+ PEMChain *curr;
+
+ while(chain){
+ curr = chain;
+ chain = chain->next;
+ free(curr->pem);
+ free(curr);
+ }
+}
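Review bot: freecertchain has no comment stating its ownership contract, and the loop makes that contract strict: it calls free() on every node and on every `pem` buffer. It is therefore only safe for chains whose nodes and `pem` fields were each heap-allocated, as readcertchain's result presumably is via decodepemchain, whose body is outside the hunk. I would add a comment above the function such as `/* frees each node and its pem buffer; chain must come from readcertchain and must not be used or freed again afterwards */`. A caller that keeps the pointer in a longer-lived structure should set it to nil after the call, since a second call on the same chain would be a double free.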