fix #1843: always free certificate file after reading it

Reading https://$host:8006/nodes repeadedly leads to pveproxy keeping
a filedescriptor open for each node-certificate in the cluster and
eventually reaching its NOFile limit..

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 7569abcd7e8836cceca62fc44f79201213d6d377..30c3f480c74f2cf58ca8880350411869fa7abdde 100644 (file)
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1533,10 +1533,9 @@ sub read_ssl_cert_fingerprint {
        or die "unable to read '$cert_path' - $!\n";
 
     my $cert = Net::SSLeay::PEM_read_bio_X509($bio);
-    if (!$cert) {
-       Net::SSLeay::BIO_free($bio);
-       die "unable to read certificate from '$cert_path'\n";
-    }
+    Net::SSLeay::BIO_free($bio);
+
+    die "unable to read certificate from '$cert_path'\n" if (!$cert);
 
     my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
     Net::SSLeay::X509_free($cert);