From 918794da160436ab9a788aa13ffb9c1dc038a3ea Mon Sep 17 00:00:00 2001
From: Ryan Hileman
Date: Thu, 13 Nov 2014 13:34:45 -0800
Subject: [PATCH] improve GC handling (fixes #10)
---
 cert.go | 2 ++
 ctx.go | 11 ++++++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/cert.go b/cert.go
index a6da8c7d..c4b84c3e 100644
--- a/cert.go
+++ b/cert.go
@@ -41,6 +41,7 @@ type Certificate struct {
 x *C.X509
 Issuer *Certificate
 ref interface{}
+ pubKey PublicKey
 }

 type CertificateInfo struct {
@@ -213,6 +214,7 @@ func (c *Certificate) SetExpireDate(when time.Duration) error {

 // SetPubKey assigns a new public key to a certificate.
 func (c *Certificate) SetPubKey(pubKey PublicKey) error {
+ c.pubKey = pubKey
 if C.X509_set_pubkey(c.x, pubKey.evpPKey()) == 0 {
 return errors.New("failed to set public key")
 }
diff --git a/ctx.go b/ctx.go
index 921e9bea..538679f5 100644
--- a/ctx.go
+++ b/ctx.go
@@ -101,6 +101,9 @@ var (

 type Ctx struct {
 ctx *C.SSL_CTX
+ cert *Certificate
+ chain []*Certificate
+ key PrivateKey
 verify_cb VerifyCallback
 }

@@ -244,6 +247,7 @@ func (c *Ctx) SetEllipticCurve(curve EllipticCurve) error {
 func (c *Ctx) UseCertificate(cert *Certificate) error {
 runtime.LockOSThread()
 defer runtime.UnlockOSThread()
+ c.cert = cert
 if int(C.SSL_CTX_use_certificate(c.ctx, cert.x)) != 1 {
 return errorFromErrorQueue()
 }
@@ -255,6 +259,7 @@ func (c *Ctx) UseCertificate(cert *Certificate) error {
 func (c *Ctx) AddChainCertificate(cert *Certificate) error {
 runtime.LockOSThread()
 defer runtime.UnlockOSThread()
+ c.chain = append(c.chain, cert)
 if int(C.SSL_CTX_add_extra_chain_cert_not_a_macro(c.ctx, cert.x)) != 1 {
 return errorFromErrorQueue()
 }
@@ -266,6 +271,7 @@ func (c *Ctx) AddChainCertificate(cert *Certificate) error {
 func (c *Ctx) UsePrivateKey(key PrivateKey) error {
 runtime.LockOSThread()
 defer runtime.UnlockOSThread()
+ c.key = key
 if int(C.SSL_CTX_use_PrivateKey(c.ctx, key.evpPKey())) != 1 {
 return errorFromErrorQueue()
 }
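Review bot: In SetPubKey, `c.pubKey = pubKey` overwrites the field before the result of `X509_set_pubkey` is checked, so a failed call leaves the certificate pinning a key it does not carry and drops the Go reference to whichever key was set earlier. If that reference is what keeps the earlier key's C object alive (the finalizer is not visible in this hunk), the error path reintroduces the lifetime problem this commit is fixing. Keeping the early store but restoring on failure covers both cases: `prev := c.pubKey` before the assignment and `c.pubKey = prev` inside the error branch. The same ordering appears in UseCertificate (`c.cert = cert`), UsePrivateKey (`c.key = key`), AddChainCertificate and CertificateStore.AddCertificate, where the appended entry should be dropped again on failure. SetPubKey's body continues outside the hunk.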
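Review bot: The new `cert`, `chain` and `key` fields on Ctx have no comment saying why they exist, while CertificateStore in the same commit gets `// for GC` for fields that appear to serve the same purpose. Nothing in the visible code reads these fields, so a later cleanup could remove them as unused and silently bring back the premature-finalization bug. A comment above the three fields such as `// held only so the GC does not finalize objects whose C pointers were handed to ctx` would make the intent explicit. The `pubKey` field added to Certificate in cert.go needs the same comment.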
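Review bot: In AddChainCertificate, pinning `cert` in `c.chain` may not be enough, because OpenSSL documents that SSL_CTX_add_extra_chain_cert takes ownership of the X509 and frees it when the SSL_CTX is destroyed. If Certificate has a finalizer that also frees `cert.x` (not visible in this hunk, and the `_not_a_macro` wrapper may behave differently), retaining the Go reference only postpones a double free until the Ctx itself becomes unreachable. After a successful call, either clear the finalizer with `runtime.SetFinalizer(cert, nil)` or take an extra reference on the X509 before handing it over. The function's body continues outside the hunk.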
@@ -274,7 +280,9 @@ func (c *Ctx) UsePrivateKey(key PrivateKey) error {

 type CertificateStore struct {
 store *C.X509_STORE
- ctx *Ctx // for gc
+ // for GC
+ ctx *Ctx
+ certs []*Certificate
 }

 // GetCertificateStore returns the context's certificate store that will be
@@ -292,6 +300,7 @@ func (c *Ctx) GetCertificateStore() *CertificateStore {
 func (s *CertificateStore) AddCertificate(cert *Certificate) error {
 runtime.LockOSThread()
 defer runtime.UnlockOSThread()
+ s.certs = append(s.certs, cert)
 if int(C.X509_STORE_add_cert(s.store, cert.x)) != 1 {
 return errorFromErrorQueue()
 }
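Review bot: `s.certs = append(s.certs, cert)` in AddCertificate is an unsynchronized write to Go state; `runtime.LockOSThread` pins the goroutine to a thread but does not exclude other goroutines. If a CertificateStore can be populated from more than one goroutine (the same question applies to `c.chain` in Ctx.AddChainCertificate), this is a data race that can lose an entry and leave a certificate unpinned while the store still points at it. Guard the append with a mutex on the struct, or state in the doc comment that configuration must finish before the object is shared. The slice also grows on every call with no upper bound, so a long-running process that reloads certificates will retain all of them. The function's body continues outside the hunk.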