fix cert leak found by client auth

security/nss/lib/certhigh/certvfy.c

@@ -425,17 +425,7 @@ loser:
 	    /* need to dupe since caller expects new cert */
 	    return CERT_DupCertificate(cert);
 	} else {
-	    CERTCertificate *rvc;
-	    /* XXX hack - if this is the only instance, return it, otherwise
-	     * the cert came out of the cache or a crypto context, in 
-	     * which case it needs to be duped
-	     */
-	    if (!chain[1]->decoding) {
-		return STAN_GetCERTCertificate(chain[1]);
-	    } else {
-		rvc = STAN_GetCERTCertificate(chain[1]);
-		return CERT_DupCertificate(rvc);
-	    }
+	    return STAN_GetCERTCertificate(chain[1]);
 	}
     } else {
 	PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);