From 55a90c3735b79db0b772ff35162886bf1ec24a33 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 15 Jul 2020 12:11:38 +0200
Subject: [PATCH] nts: deinit gnutls when setting of credentials fails

This is needed to cleanly exit when the server key/cert couldn't be
loaded.
---
 nts_ke_session.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/nts_ke_session.c b/nts_ke_session.c
index a0ef424..7bee46f 100644
--- a/nts_ke_session.c
+++ b/nts_ke_session.c
@@ -622,7 +622,8 @@ init_gnutls(void)
 static void
 deinit_gnutls(void)
 {
-  assert(gnutls_initialised);
+  if (!gnutls_initialised || credentials_counter > 0)
+    return;
 
   LCL_RemoveParameterChangeHandler(handle_step, NULL);
 
@@ -674,6 +675,7 @@ error:
   LOG(LOGS_ERR, "Could not set credentials : %s", gnutls_strerror(r));
   if (credentials)
     gnutls_certificate_free_credentials(credentials);
+  deinit_gnutls();
   return NULL;
 }
 
@@ -684,9 +686,6 @@ NKSN_DestroyCertCredentials(void *credentials)
 {
   gnutls_certificate_free_credentials(credentials);
   credentials_counter--;
-  if (credentials_counter != 0)
-    return;
-
   deinit_gnutls();
 }