add cleanup ffi to store context

openssl-sys/src/lib.rs

@@ -2640,6 +2640,7 @@ extern "C" {
     pub fn X509_STORE_set_default_paths(store: *mut X509_STORE) -> c_int;
 
     pub fn X509_STORE_CTX_new() -> *mut X509_STORE_CTX;
+    pub fn X509_STORE_CTX_cleanup(ctx: *mut X509_STORE_CTX);
     pub fn X509_STORE_CTX_init(ctx: *mut X509_STORE_CTX, store: *mut X509_STORE, x509: *mut X509, chain: *mut stack_st_X509) -> c_int;
     pub fn X509_STORE_CTX_free(ctx: *mut X509_STORE_CTX);
     pub fn X509_STORE_CTX_get_current_cert(ctx: *mut X509_STORE_CTX) -> *mut X509;

openssl/src/x509/mod.rs

@@ -117,14 +117,18 @@ impl X509StoreContextRef {
     /// # Result
     /// 
     /// The Result must be `Some(None)` to be a valid certificate, otherwise the cert is not valid.
-    pub fn verify_cert(trust: &store::X509StoreRef, cert: &X509Ref, cert_chain: &StackRef<X509>) -> Result<Option<X509VerifyError>, ErrorStack> {
+    pub fn verify_cert(trust: store::X509Store, cert: X509, cert_chain: Stack<X509>) -> Result<Option<X509VerifyError>, ErrorStack> {
         unsafe {
             ffi::init();
             let context = try!(cvt_p(ffi::X509_STORE_CTX_new()).map(|p| X509StoreContext(p)));
             try!(cvt(ffi::X509_STORE_CTX_init(context.as_ptr(), trust.as_ptr(), cert.as_ptr(), cert_chain.as_ptr()))
                 .map(|_| ()));
             try!(cvt(ffi::X509_verify_cert(context.as_ptr())).map(|_| ()));
-            Ok(context.error())
+            
+            let result = Ok(context.error());
+            ffi::X509_STORE_CTX_cleanup(context.as_ptr());
+
+            result
         }
     }
 

openssl/src/x509/tests.rs

@@ -303,5 +303,5 @@ fn test_verify_cert() {
     store_bldr.add_cert(ca).unwrap();
     let store = store_bldr.build();
 
-    assert!(X509StoreContext::verify_cert(&store, &cert, &Stack::new().unwrap()).unwrap().is_none());
+    assert!(X509StoreContext::verify_cert(store, cert, Stack::new().unwrap()).unwrap().is_none());
 }