From b0c7efb2410f154a900795bc547804563524c29e Mon Sep 17 00:00:00 2001
From: Richard Fuchs <rfuchs@sipwise.com>
Date: Tue, 8 Jul 2014 09:25:50 -0400
Subject: [PATCH] duplicate x509 in mem for delayed verification

---
 daemon/call.c | 2 ++
 daemon/dtls.c | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/daemon/call.c b/daemon/call.c
index 1ceb3aa6a..25c98f20c 100644
--- a/daemon/call.c
+++ b/daemon/call.c
@@ -2260,6 +2260,8 @@ static void __call_free(void *p) {
 
 	while (c->streams) {
 		ps = c->streams->data;
+		if (ps->dtls_cert)
+			X509_free(ps->dtls_cert);
 		c->streams = g_slist_delete_link(c->streams, c->streams);
 		g_slice_free1(sizeof(*ps), ps);
 	}
diff --git a/daemon/dtls.c b/daemon/dtls.c
index 65a5a26a5..699422540 100644
--- a/daemon/dtls.c
+++ b/daemon/dtls.c
@@ -343,7 +343,9 @@ static int verify_callback(int ok, X509_STORE_CTX *store) {
 	if (!media)
 		return 0;
 
-	ps->dtls_cert = X509_STORE_CTX_get_current_cert(store);
+	if (ps->dtls_cert)
+		X509_free(ps->dtls_cert);
+	ps->dtls_cert = X509_dup(X509_STORE_CTX_get_current_cert(store));
 
 	if (!media->fingerprint.hash_func)
 		return 1; /* delay verification */