MINOR: ssl: free the crtlist and the ckch during the deinit()

Add some functions to deinit the whole crtlist and ckch architecture.

It will free all crtlist, crtlist_entry, ckch_store, ckch_inst and their
associated SNI, ssl_conf and SSL_CTX.

The SSL_CTX in the default_ctx and initial_ctx still needs to be free'd
separately.

diff --git a/include/haproxy/ssl_ckch.h b/include/haproxy/ssl_ckch.h
index 919389d6c0724ec6f859b5d090b0603f57d2f5f4..46b91673bc726ad2206884952b634caa8dfc4df2 100644 (file)
--- a/include/haproxy/ssl_ckch.h
+++ b/include/haproxy/ssl_ckch.h
@@ -61,5 +61,7 @@ int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
 int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
                              struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err);
 
+void ckch_deinit();
+
 #endif /* USE_OPENSSL */
 #endif /* _HAPROXY_SSL_CRTLIST_H */

diff --git a/include/haproxy/ssl_crtlist.h b/include/haproxy/ssl_crtlist.h
index 1650ddc3233c1e7e87ff80929926fdda16a1d758..c7728394fcbc3a88f1c420bed96850c0a5462d12 100644 (file)
--- a/include/haproxy/ssl_crtlist.h
+++ b/include/haproxy/ssl_crtlist.h
@@ -41,5 +41,8 @@ struct crtlist *crtlist_new(const char *filename, int unique);
 int crtlist_parse_line(char *line, char **crt_path, struct crtlist_entry *entry, const char *file, int linenum, char **err);
 int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, struct crtlist **crtlist, char **err);
 int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct crtlist **crtlist, char **err);
+
+void crtlist_deinit();
+
 #endif /* USE_OPENSSL */
 #endif /* _HAPROXY_SSL_CRTLIST_H */

diff --git a/src/haproxy.c b/src/haproxy.c
index 802a88fbe6bb313cb4df1bd1ec3b6350a479420f..9e8ffa9b0ff2fe74ef5b237e08419db23c5e5df2 100644 (file)
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -2785,6 +2785,10 @@ void deinit(void)
                        free(l);
                }
 
+               /* SSL storage */
+               crtlist_deinit(); /* must be free'd before the ckchs */
+               ckch_deinit();
+
                /* Release unused SSL configs. */
                list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
                        if (bind_conf->xprt->destroy_bind_conf)

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 7a92934ac92cacbd09c6de034d6868cff7155410..537c7ea7d1de783bad28eb130029e39113dfb2d7 100644 (file)
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -1889,6 +1889,19 @@ error:
        return cli_dynerr(appctx, err);
 }
 
+void ckch_deinit()
+{
+       struct eb_node *node, *next;
+       struct ckch_store *store;
+
+       node = eb_first(&ckchs_tree);
+       while (node) {
+               next = eb_next(node);
+               store = ebmb_entry(node, struct ckch_store, node);
+               ckch_store_free(store);
+               node = next;
+       }
+}
 
 /* register cli keywords */
 static struct cli_kw_list cli_kws = {{ },{

diff --git a/src/ssl_crtlist.c b/src/ssl_crtlist.c
index 0fbd3f0ac2a7563a97ac4357a9eb5b37fa95f96a..1d282a9f14f6d946031d05599ad26ca6da193f46 100644 (file)
--- a/src/ssl_crtlist.c
+++ b/src/ssl_crtlist.c
@@ -1265,6 +1265,21 @@ error:
 }
 
 
+/* unlink and free all crt-list and crt-list entries */
+void crtlist_deinit()
+{
+       struct eb_node *node, *next;
+       struct crtlist *crtlist;
+
+       node = eb_first(&crtlists_tree);
+       while (node) {
+               next = eb_next(node);
+               crtlist = ebmb_entry(node, struct crtlist, node);
+               crtlist_free(crtlist);
+               node = next;
+       }
+}
+
 
 /* register cli keywords */
 static struct cli_kw_list cli_kws = {{ },{