diff --git a/src/crypto.cpp b/src/crypto.cpp
index 5c6fe8ebead92df7bc6a34ab833150907fb72341..9f50150242f21d965adaade4f43c6f37d3fb535e 100644
--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -1038,25 +1038,26 @@ std::pair<Blob,Blob>
 Certificate::generateOcspRequest(gnutls_x509_crt_t& issuer)
 {
 gnutls_ocsp_req_t rreq;
- int ret = gnutls_ocsp_req_init(&rreq);
- if (ret < 0)
- throw CryptoException(gnutls_strerror(ret));
+ int err = gnutls_ocsp_req_init(&rreq);
+ if (err < 0)
+ throw CryptoException(gnutls_strerror(err));
 std::unique_ptr<struct gnutls_ocsp_req_int, decltype(&gnutls_ocsp_req_deinit)> req(rreq, &gnutls_ocsp_req_deinit);
- ret = gnutls_ocsp_req_add_cert(req.get(), GNUTLS_DIG_SHA512, issuer, cert);
- if (ret < 0)
- throw CryptoException(gnutls_strerror(ret));
- unsigned char noncebuf[64];
- gnutls_datum_t nonce = { noncebuf, sizeof(noncebuf) };
- ret = gnutls_rnd(GNUTLS_RND_NONCE, nonce.data, nonce.size);
- ret = gnutls_ocsp_req_set_nonce(req.get(), 0, &nonce);
- if (ret < 0)
- throw CryptoException(gnutls_strerror(ret));
+ err = gnutls_ocsp_req_add_cert(req.get(), GNUTLS_DIG_SHA512, issuer, cert);
+ if (err < 0)
+ throw CryptoException(gnutls_strerror(err));
+ Blob noncebuf(64);
+ gnutls_datum_t nonce = { noncebuf.data(), (unsigned)noncebuf.size() };
+ err = gnutls_rnd(GNUTLS_RND_NONCE, nonce.data, nonce.size);
+ err = gnutls_ocsp_req_set_nonce(req.get(), 0, &nonce);
+ if (err < 0)
+ throw CryptoException(gnutls_strerror(err));
 gnutls_datum_t rdata;
- ret = gnutls_ocsp_req_export(req.get(), &rdata);
- if (ret != 0)
- throw CryptoException(gnutls_strerror(ret));
- return std::make_pair<Blob,Blob>({rdata.data, rdata.data + rdata.size},
- {nonce.data, nonce.data + nonce.size});
+ err = gnutls_ocsp_req_export(req.get(), &rdata);
+ if (err != 0)
+ throw CryptoException(gnutls_strerror(err));
+ Blob ret(rdata.data, rdata.data + rdata.size);
+ gnutls_free(rdata.data);
+ return std::make_pair<Blob,Blob>(std::move(ret), std::move(noncebuf));
 }
 
 // PrivateKey
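Review bot: The result of `gnutls_rnd` is still overwritten by the `gnutls_ocsp_req_set_nonce` call on the very next line without being checked, so a failed random generation goes unnoticed. With the new `Blob noncebuf(64)`, which presumably zero-fills its bytes the way a `std::vector` would, that failure would put a constant nonce in the request, and the nonce is what lets the caller reject a replayed OCSP response. Add `if (err < 0) throw CryptoException(gnutls_strerror(err));` directly after the `gnutls_rnd` call. Separately, `rdata.data` still leaks if constructing `Blob ret(...)` throws before `gnutls_free(rdata.data)` runs; a small scope guard around `rdata.data`, in the spirit of the `std::unique_ptr` already used for `req`, would close that path.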