@@ -276,7 +276,7 @@ proc verifyCertificate(
276276 return ssl_verify_invalid
277277
278278proc setupSSLContext * (quicCtx: QuicContext ) =
279- let sslCtx = SSL_CTX_new (
279+ var sslCtx = SSL_CTX_new (
280280 if quicCtx is ServerContext :
281281 TLS_server_method ()
282282 else :
@@ -285,6 +285,12 @@ proc setupSSLContext*(quicCtx: QuicContext) =
285285 if sslCtx.isNil:
286286 raiseAssert " failed to create sslCtx"
287287
288+ var sslCtxInstalled = false
289+ defer :
290+ if not sslCtxInstalled and not sslCtx.isNil:
291+ SSL_CTX_free (sslCtx)
292+ sslCtx = nil
293+
288294 if SSL_CTX_set_ex_data (sslCtx, SSL_CTX_ID , cast [pointer ](quicCtx)) != 1 :
289295 raiseAssert " could not set data in sslCtx"
290296
@@ -296,13 +302,13 @@ proc setupSSLContext*(quicCtx: QuicContext) =
296302 if quicCtx.tlsConfig.key.len != 0 and quicCtx.tlsConfig.certificate.len != 0 :
297303 let pkey = quicCtx.tlsConfig.key.toPKey ().valueOr:
298304 raiseAssert " could not convert certificate to pkey: " & error
305+ defer :
306+ EVP_PKEY_free (pkey)
299307
300308 let cert = quicCtx.tlsConfig.certificate.toX509 ().valueOr:
301309 raiseAssert " could not convert certificate to x509: " & error
302-
303310 defer :
304311 X509_free (cert)
305- EVP_PKEY_free (pkey)
306312
307313 if SSL_CTX_use_certificate (sslCtx, cert) != 1 :
308314 raiseAssert " could not use certificate"
@@ -335,6 +341,7 @@ proc setupSSLContext*(quicCtx: QuicContext) =
335341 discard SSL_CTX_set_max_proto_version (sslCtx, TLS1_3_VERSION )
336342
337343 quicCtx.sslCtx = sslCtx
344+ sslCtxInstalled = true
338345
339346proc getSSLCtx * (peer_ctx: pointer , sockaddr: ptr SockAddr ): ptr SSL_CTX {.cdecl .} =
340347 let quicCtx = cast [QuicContext ](peer_ctx)
0 commit comments