From: Christopher Faulet <cfaulet@haproxy.com>
Date: Wed, 7 Oct 2020 11:20:23 +0000 (+0200)
Subject: CLEANUP: ssl: Release cached SSL sessions on deinit
X-Git-Tag: v2.3-dev6~88
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=58feb49ed2d718ac7f5ea20223562a52be85c121;p=thirdparty%2Fhaproxy.git

CLEANUP: ssl: Release cached SSL sessions on deinit

On deinit, when the server SSL ctx is released, we must take care to release the
cached SSL sessions stored in the array <ssl_ctx.reused_sess>. There are
global.nbthread entries in this array, each one may have a pointer on a cached
session.

This patch should fix the issue #802. No backport needed.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index aa9061a6b3..cce06cd62f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4721,6 +4721,14 @@ void ssl_sock_free_srv_ctx(struct server *srv)
 	if (srv->ssl_ctx.npn_str)
 		free(srv->ssl_ctx.npn_str);
 #endif
+	if (srv->ssl_ctx.reused_sess) {
+		int i;
+
+		for (i = 0; i < global.nbthread; i++)
+			free(srv->ssl_ctx.reused_sess[i].ptr);
+		free(srv->ssl_ctx.reused_sess);
+	}
+
 	if (srv->ssl_ctx.ctx)
 		SSL_CTX_free(srv->ssl_ctx.ctx);
 }