BUG/MINOR: ssl: free correctly the sni in the backend SSL cache
__ssl_sock_load_new_ckch_instance() does not free correctly the SNI in
the session cache, it only frees the one in the current tid.
This bug was introduced with e18d4e8 ("BUG/MEDIUM: ssl: backend TLS
resumption with sni and TLSv1.3").
This fix must be backported where the mentionned commit was backported.
(all maintained versions).
(cherry picked from commit ce9903319cc5b3cdcaec1ad45253899e7334857c)
[wla: __ssl_sock_load_new_ckch_instance() did not exist at the time, the
free must be done in cli_io_handler_commit_cert() instead]
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 76ef207..86cc584 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -1405,7 +1405,7 @@
/* flush the session cache of the server */
for (i = 0; i < global.nbthread; i++) {
- ha_free(&ckchi->server->ssl_ctx.reused_sess[tid].ptr);
+ ha_free(&ckchi->server->ssl_ctx.reused_sess[i].ptr);
ha_free(&ckchi->server->ssl_ctx.reused_sess[i].sni);
}