From 741b6f2cf0ca2725208d04d2edb4ade8ba4c1faa Mon Sep 17 00:00:00 2001
From: --global <jaramago.fernandez.javier@gmail.com>
Date: Wed, 4 May 2022 16:11:55 +0200
Subject: [PATCH] Fix leak during SSL handshake for SPIFFE authentication

Resources allocated by 'SSL_get_peer_certificate' and
'X509_get_ext_d2i' were being leaked during the SSL handshake.
---
 lib/mysql_data_stream.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/mysql_data_stream.cpp b/lib/mysql_data_stream.cpp
index 438e5643b..7bad707a5 100644
--- a/lib/mysql_data_stream.cpp
+++ b/lib/mysql_data_stream.cpp
@@ -198,6 +198,9 @@ enum sslstatus MySQL_Data_Stream::do_ssl_handshake() {
 					}
 				}
 			}
+
+			sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
+			X509_free(cert);
 		} else {
 			// we currently disable this annoying error
 			// in future we can configure this as per user level, specifying if the certificate is mandatory or not