BUG/MINOR: ssl/cli: memory leak in 'set ssl cert' When deleting the previous SNI entries with 'set ssl cert', the old SSL_CTX' were not free'd, which probably prevent the completion of the free of the X509 in the old ckch_store, because of the refcounts in the SSL library. This bug was introduced by 150bfa8 ("MEDIUM: cli/ssl: handle the creation of SSL_CTX in an IO handler"). Must be backported to 2.1.

commit: 24be710609fe24781b489339273beec29114a3b8 [log] [tgz]
author: William Lallemand <wlallemand@haproxy.com> Wed Apr 08 15:16:51 2020 +0200
committer: William Lallemand <wlallemand@haproxy.org> Wed Apr 08 15:29:10 2020 +0200
tree: 0c200d62938c40e659266237e0e4fda98e95a933
parent: 41ca930e58bba05eb50ac5e265cb0ef8f4533000 [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f58a1c0..0ade7c2 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -12103,6 +12103,8 @@
 
 					HA_RWLOCK_WRLOCK(SNI_LOCK, &ckchi->bind_conf->sni_lock);
 					list_for_each_entry_safe(sc0, sc0s, &ckchi->sni_ctx, by_ckch_inst) {
+						if (sc0->order == 0) /* we only free if it's the first inserted */
+							SSL_CTX_free(sc0->ctx);
 						ebmb_delete(&sc0->name);
 						LIST_DEL(&sc0->by_ckch_inst);
 						free(sc0);
commit	24be710609fe24781b489339273beec29114a3b8	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.com>	Wed Apr 08 15:16:51 2020 +0200
committer	William Lallemand <wlallemand@haproxy.org>	Wed Apr 08 15:29:10 2020 +0200
tree	0c200d62938c40e659266237e0e4fda98e95a933
parent	41ca930e58bba05eb50ac5e265cb0ef8f4533000 [diff]