From 8ab05e111a37abbf6769609131275803b9efee0d Mon Sep 17 00:00:00 2001
From: Jonathan Schleifer <js@webkeks.org>
Date: Wed, 25 Jan 2012 20:33:40 +0100
Subject: [PATCH] Fix a missing copy.

---
 src/SSLSocket.m | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/SSLSocket.m b/src/SSLSocket.m
index d09f52b..7b0ae08 100644
--- a/src/SSLSocket.m
+++ b/src/SSLSocket.m
@@ -111,15 +111,17 @@ ssl_locking_callback(int mode, int n, const char *file, int line)
 		    certificateFile: nil];
 }
 
-- initWithSocket: (OFTCPSocket*)socket
-  privateKeyFile: (OFString*)privateKeyFile_
- certificateFile: (OFString*)certificateFile_
+-  initWithSocket: (OFTCPSocket*)socket
+   privateKeyFile: (OFString*)privateKeyFile_
+  certificateFile: (OFString*)certificateFile_
 {
 	self = [self init];
 
 	@try {
-		privateKeyFile = privateKeyFile_;
-		certificateFile = certificateFile_;
+		/* FIXME: Also allow with accepted sockets */
+
+		privateKeyFile = [privateKeyFile_ copy];
+		certificateFile = [certificateFile_ copy];
 
 		sock = dup(socket->sock);
 
@@ -366,18 +368,20 @@ ssl_locking_callback(int mode, int n, const char *file, int line)
 - (X509Certificate*)peerCertificate
 {
 	X509 *certificate = SSL_get_peer_certificate(ssl);
+
 	if (!certificate)
 		return nil;
 
 	return [[[X509Certificate alloc]
-		initWithX509Struct: certificate] autorelease];
+	    initWithX509Struct: certificate] autorelease];
 }
 
 - (void)verifyPeerCertificate
 {
 	unsigned long ret;
-	if ((SSL_get_peer_certificate(ssl) == NULL)
-	    || ((ret = SSL_get_verify_result(ssl)) != X509_V_OK)) {
+
+	if ((SSL_get_peer_certificate(ssl) == NULL) ||
+	    ((ret = SSL_get_verify_result(ssl)) != X509_V_OK)) {
 		const char *reason = X509_verify_cert_error_string(ret);
 		@throw [SSLInvalidCertificateException
 			exceptionWithClass: isa