Dev news

Commit 8b5cd6a682 for openssl.org

commit 8b5cd6a682f0f6e7b8bf55137137c567d1899c4a
Author: Alexandr Nedvedicky <sashan@openssl.org>
Date:   Tue Mar 3 13:23:46 2026 +0100

    dane_match_cert() should X509_free() on ->mcert instead
    of OPENSSL_free()

    Fixes: 170b735820ac "DANE support for X509_verify_cert()"

    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Neil Horman <nhorman@openssl.org>
    MergeDate: Thu Mar  5 12:37:17 2026
    (Merged from https://github.com/openssl/openssl/pull/30250)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index ed9f78c47e..04fa0359cb 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -3408,7 +3408,7 @@ static int dane_match_cert(X509_STORE_CTX *ctx, X509 *cert, int depth)
                     break;
                 }

-                OPENSSL_free(dane->mcert);
+                X509_free(dane->mcert);
                 dane->mcert = cert;
                 dane->mdpth = depth;
                 dane->mtlsa = t;