BUG/MINOR: ssl: free correctly the sni in the backend SSL cache __ssl_sock_load_new_ckch_instance() does not free correctly the SNI in the session cache, it only frees the one in the current tid. This bug was introduced with e18d4e8 ("BUG/MEDIUM: ssl: backend TLS resumption with sni and TLSv1.3"). This fix must be backported where the mentionned commit was backported. (all maintained versions).

commit: ce9903319cc5b3cdcaec1ad45253899e7334857c [log] [tgz]
author: William Lallemand <wlallemand@haproxy.org> Tue Nov 23 15:15:09 2021 +0100
committer: William Lallemand <wlallemand@haproxy.org> Tue Nov 23 15:20:59 2021 +0100
tree: bc88a2d3b0ce7b6241fb197330818ce7b1bf839b
parent: a4d09e7ffdbf8a56010ea09c5d5b68d2831be8b8 [diff]
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 8216950..192ad6c 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c

@@ -1799,7 +1799,7 @@
 
 		/* flush the session cache of the server */
 		for (i = 0; i < global.nbthread; i++) {
-			ha_free(&ckchi->server->ssl_ctx.reused_sess[tid].sni);
+			ha_free(&ckchi->server->ssl_ctx.reused_sess[i].sni);
 			ha_free(&ckchi->server->ssl_ctx.reused_sess[i].ptr);
 		}
 		HA_RWLOCK_WRUNLOCK(SSL_SERVER_LOCK, &ckchi->server->ssl_ctx.lock);
commit	ce9903319cc5b3cdcaec1ad45253899e7334857c	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.org>	Tue Nov 23 15:15:09 2021 +0100
committer	William Lallemand <wlallemand@haproxy.org>	Tue Nov 23 15:20:59 2021 +0100
tree	bc88a2d3b0ce7b6241fb197330818ce7b1bf839b
parent	a4d09e7ffdbf8a56010ea09c5d5b68d2831be8b8 [diff]