Daniel Black filed bug #1704675 (http://curl.haxx.se/bug/view.cgi?id=1704675)

identifying a double-free problem in the SSL-dealing layer, telling GnuTLS to
free NULL credentials on closedown after a failure and a bad #ifdef for NSS
when closing down SSL.

CHANGES

@@ -6,6 +6,12 @@
 
                                   Changelog
 
+Daniel S (21 April 2007)
+- Daniel Black filed bug #1704675
+  (http://curl.haxx.se/bug/view.cgi?id=1704675) identifying a double-free
+  problem in the SSL-dealing layer, telling GnuTLS to free NULL credentials on
+  closedown after a failure and a bad #ifdef for NSS when closing down SSL.
+
 Yang Tse (20 April 2007)
 - Save one call to curlx_tvnow(), which calls gettimeofday(), in each of
   Curl_socket_ready(), Curl_poll() and Curl_select() when these are called

RELEASE-NOTES

@@ -23,6 +23,9 @@ This release includes the following bugfixes:
  o test suite SSL certificate works better with newer stunnel
  o internal progress meter update frequency back to once per second
  o avoid some unnecessary calls to function gettimeofday
+ o a double-free in the SSL-layer
+ o GnuTLS free of NULL credentials
+ o NSS-fix for closing down SSL
 
 This release includes the following known bugs:
 
@@ -42,6 +45,7 @@ New curl mirrors:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- Song Ma, Dan Fandrich, Yang Tse, Jay Austin, Robert Iakobashvil, James Housley
+ Song Ma, Dan Fandrich, Yang Tse, Jay Austin, Robert Iakobashvil,
+ James Housley, Daniel Black
 
         Thanks! (and sorry if I forgot to mention someone)

lib/gtls.c

@@ -502,7 +502,8 @@ static void close_one(struct connectdata *conn,
     gnutls_bye(conn->ssl[index].session, GNUTLS_SHUT_RDWR);
     gnutls_deinit(conn->ssl[index].session);
   }
-  gnutls_certificate_free_credentials(conn->ssl[index].cred);
+  if(conn->ssl[index].cred)
+    gnutls_certificate_free_credentials(conn->ssl[index].cred);
 }
 
 void Curl_gtls_close(struct connectdata *conn)