From 455af50facb33ba25f8ef39940dd3c69dafd19a6 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.com>
Date: Thu, 17 Oct 2019 18:04:45 +0200
Subject: [PATCH] MINOR: ssl: update ssl_sock_free_cert_key_and_chain_contents

The struct cert_key_and_chain now contains the DH, the sctl and the
ocsp_response. Free them.
---
 src/ssl_sock.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a3829e5d4..fe607f9e6 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2931,6 +2931,23 @@ static void ssl_sock_free_cert_key_and_chain_contents(struct cert_key_and_chain
 		sk_X509_pop_free(ckch->chain, X509_free);
 	ckch->chain = NULL;
 
+	if (ckch->dh)
+		DH_free(ckch->dh);
+	ckch->dh = NULL;
+
+	if (ckch->sctl) {
+		free(ckch->sctl->area);
+		ckch->sctl->area = NULL;
+		free(ckch->sctl);
+		ckch->sctl = NULL;
+	}
+
+	if (ckch->ocsp_response) {
+		free(ckch->ocsp_response->area);
+		ckch->ocsp_response->area = NULL;
+		free(ckch->ocsp_response);
+		ckch->ocsp_response = NULL;
+	}
 }
 
 /* checks if a key and cert exists in the ckch