- Andrei Benea filed bug report #2956698 and pointed out that the

CURLOPT_CERTINFO feature leaked memory due to a missing OpenSSL function
  call. He provided the patch to fix it too.

  http://curl.haxx.se/bug/view.cgi?id=2956698

CHANGES

@@ -7,6 +7,12 @@
                                   Changelog
 
 Daniel Stenberg (2 Mar 2010)
+- Andrei Benea filed bug report #2956698 and pointed out that the
+  CURLOPT_CERTINFO feature leaked memory due to a missing OpenSSL function
+  call. He provided the patch to fix it too.
+
+  http://curl.haxx.se/bug/view.cgi?id=2956698
+
 - Markus Duft pointed out in bug #2961796 that even though Interix has a
   poll() function it doesn't quite work the way we want it so we must disable
   it, and he also provided a patch for it.

RELEASE-NOTES

@@ -25,6 +25,7 @@ This release includes the following bugfixes:
  o TFTP upload
  o FTP timeouts after file transferred completely
  o skip poll() on Interix
+ o CURLOPT_CERTINFO memory leak
 
 This release includes the following known bugs:
 
@@ -35,6 +36,6 @@ advice from friends like these:
 
  Steven M. Schweda, Yang Tse, Jack Zhang, Tom Donovan, Martin Hager,
  Daniel Fandrich, Patrick Monnerat, Pat Ray, Wesley Miaw, Ben Greear,
- Ryan Chan, Markus Duft
+ Ryan Chan, Markus Duft, Andrei Benea
 
         Thanks! (and sorry if I forgot to mention someone)

lib/ssluse.c

@@ -2125,6 +2125,7 @@ static CURLcode get_cert_chain(struct connectdata *conn,
         break;
 #endif
       }
+      EVP_PKEY_free(pubkey);
     }
 
     X509V3_ext(data, i, cinf->extensions);