sk_X509_pop_free(s->session->peer_chain, X509_free);
s->session->peer_chain = sk;
+ sk = NULL;
/*
* Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
* Inconsistency alert: cert_chain does *not* include the peer's own
* certificate, while we do include it in statem_clnt.c
*/
- sk = NULL;
/* Save the current hash state for when we receive the CertificateVerify */
if (SSL_IS_TLS13(s)) {
}
if (tctx->generate_ticket_cb != NULL &&
- tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0)
+ tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+ ERR_R_INTERNAL_ERROR);
goto err;
-
+ }
/*
* If we are using anti-replay protection then we behave as if
* SSL_OP_NO_TICKET is set - we are caching tickets anyway so there