BUG/MINOR: ssl: free correctly the sni in the backend SSL cache __ssl_sock_load_new_ckch_instance() does not free correctly the SNI in the session cache, it only frees the one in the current tid. This bug was introduced with e18d4e8 ("BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3"). This fix must be backported where the mentionned commit was backported. (all maintained versions). (cherry picked from commit ce9903319cc5b3cdcaec1ad45253899e7334857c) [wla: __ssl_sock_load_new_ckch_instance() did not exist at the time, the free must be done in cli_io_handler_commit_cert() instead] Signed-off-by: William Lallemand <wlallemand@haproxy.org>

commit: 6cd79955a766ce672b72e510c2f2c272629166ff [log] [tgz]
author: William Lallemand <wlallemand@haproxy.org> Tue Nov 23 15:15:09 2021 +0100
committer: William Lallemand <wlallemand@haproxy.org> Tue Nov 23 15:23:14 2021 +0100
tree: 8d5bfb66ad0f6a351289286ad328604fa55dfef2
parent: c78ac5ade6bdaf46634edf08fecd735ab7d0a5f1 [diff] [blame]
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 76ef207..86cc584 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c

@@ -1405,7 +1405,7 @@
 
 						/* flush the session cache of the server */
 						for (i = 0; i < global.nbthread; i++) {
-							ha_free(&ckchi->server->ssl_ctx.reused_sess[tid].ptr);
+							ha_free(&ckchi->server->ssl_ctx.reused_sess[i].ptr);
 							ha_free(&ckchi->server->ssl_ctx.reused_sess[i].sni);
 						}
commit	6cd79955a766ce672b72e510c2f2c272629166ff	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.org>	Tue Nov 23 15:15:09 2021 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Tue Nov 23 15:23:14 2021 +0100
tree	8d5bfb66ad0f6a351289286ad328604fa55dfef2
parent	c78ac5ade6bdaf46634edf08fecd735ab7d0a5f1 [diff] [blame]