MINOR: ssl: Release Servers SSL context when HAProxy is shut down
[wt: could be backported to 1.5 as well]
diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index 1b6c081..b877580 100644
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -46,6 +46,7 @@
int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy *proxy);
int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf, struct proxy *px);
int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *px);
+void ssl_sock_free_srv_ctx(struct server *srv);
void ssl_sock_free_all_ctx(struct bind_conf *bind_conf);
int ssl_sock_load_ca(struct bind_conf *bind_conf, struct proxy *px);
void ssl_sock_free_ca(struct bind_conf *bind_conf);
diff --git a/src/haproxy.c b/src/haproxy.c
index 217247d..62fb603 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1411,6 +1411,10 @@
free(s->agent.bi);
free(s->agent.bo);
free((char*)s->conf.file);
+#ifdef USE_OPENSSL
+ if (s->use_ssl || s->check.use_ssl)
+ ssl_sock_free_srv_ctx(s);
+#endif
free(s);
s = s_next;
}/* end while(s) */
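Review bot: The `s->use_ssl || s->check.use_ssl` guard around the new call repeats, at the call site, the condition under which a server context is assumed to exist, while `ssl_sock_free_srv_ctx()` already tests `srv->ssl_ctx.ctx` itself. If a context can be allocated on a path that those two flags do not reflect (not visible in this hunk), it would be skipped at shutdown. Calling the helper unconditionally inside the `#ifdef USE_OPENSSL` block, as `ssl_sock_free_srv_ctx(s);`, keeps that decision in one place. The enclosing `while (s)` loop starts outside the hunk, so the allocation side should be checked before dropping the guard.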
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index deb658e..0703bc4 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2444,6 +2444,14 @@
return err;
}
+
+/* release ssl context allocated for servers. */
+void ssl_sock_free_srv_ctx(struct server *srv)
+{
+ if (srv->ssl_ctx.ctx)
+ SSL_CTX_free(srv->ssl_ctx.ctx);
+}
+
/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
* be NULL, in which case nothing is done. The default_ctx is nullified too.
*/
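Review bot: `ssl_sock_free_srv_ctx()` leaves `srv->ssl_ctx.ctx` pointing at the freed context, so a second call on the same server, or any later read of the field, would touch released memory. The comment on the neighbouring bind_conf function says its `default_ctx` is nullified, and the same convention fits here: add `srv->ssl_ctx.ctx = NULL;` after `SSL_CTX_free(srv->ssl_ctx.ctx);`, with braces around the two statements. The one-line comment could also state that a server with no context is accepted and that `srv` itself must not be NULL, since it is dereferenced without a check.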