Commit f25b1aca8b for strongswan.org

commit f25b1aca8ba62bdc221b8aa2f86c0dfae0f9d56a
Author: Jean-François Hren <jean-francois.hren@stormshield.eu>
Date:   Mon Dec 1 17:02:39 2025 +0100

    credential-manager: Fix leaked signature params if self-signed cert is untrusted

    Closes strongswan/strongswan#2954

diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index dd6b89488b..4f18121214 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -788,6 +788,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
 					DBG1(DBG_CFG, "  self-signed certificate \"%Y\" is not "
 						 "trusted", current->get_subject(current));
 					issuer->destroy(issuer);
+					signature_params_destroy(scheme);
 					call_hook(this, CRED_HOOK_UNTRUSTED_ROOT, current);
 					break;
 				}