commit 0ebb1d424da107ad4010b261f63e16e857465fc0
Author: William Lallemand <wlallemand@haproxy.org>
Date:   Thu Jan 23 11:42:52 2020 +0100

    BUG/MINOR: ssl: increment issuer refcount if in chain
    
    When using the OCSP response, if the issuer of the response is in
    the certificate chain, its address will be stored in ckch->ocsp_issuer.
    However, since the ocsp_issuer could be filled by a separate file, this
    pointer is free'd. The refcount of the X509 need to be incremented to
    avoid a double free if we free the ocsp_issuer AND the chain.
    
    (cherry picked from commit b829dda57b4c8a44eff53682ed56492ad46ce3ad)
    [wt: checked with William, needed for 2.1]
    Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index e320d908f..180637e6b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3307,6 +3307,7 @@ static int ssl_sock_load_files_into_ckch(const char *path, struct cert_key_and_c
 			issuer = sk_X509_value(ckch->chain, i);
 			if (X509_check_issued(issuer, ckch->cert) == X509_V_OK) {
 				ckch->ocsp_issuer = issuer;
+				X509_up_ref(ckch->ocsp_issuer);
 				break;
 			} else
 				issuer = NULL;