Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 58feb49ed2d718ac7f5ea20223562a52be85c121^! / .
commit58feb49ed2d718ac7f5ea20223562a52be85c121[log] [tgz]
authorChristopher Faulet <cfaulet@haproxy.com>Wed Oct 07 13:20:23 2020 +0200
committerChristopher Faulet <cfaulet@haproxy.com>Wed Oct 07 14:07:29 2020 +0200
treea66858b9984b72deba70d848d40d8791edaa5410
parentd7c6e6a71d34ec028365c4d4c96063b3d5e0e3a4 [diff]
CLEANUP: ssl: Release cached SSL sessions on deinit

On deinit, when the server SSL ctx is released, we must take care to release the
cached SSL sessions stored in the array <ssl_ctx.reused_sess>. There are
global.nbthread entries in this array, each one may have a pointer on a cached
session.

This patch should fix the issue #802. No backport needed.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index aa9061a..cce06cd 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -4721,6 +4721,14 @@
 	if (srv->ssl_ctx.npn_str)
 		free(srv->ssl_ctx.npn_str);
 #endif
+	if (srv->ssl_ctx.reused_sess) {
+		int i;
+
+		for (i = 0; i < global.nbthread; i++)
+			free(srv->ssl_ctx.reused_sess[i].ptr);
+		free(srv->ssl_ctx.reused_sess);
+	}
+
 	if (srv->ssl_ctx.ctx)
 		SSL_CTX_free(srv->ssl_ctx.ctx);
 }