From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 20 Oct 2011 12:24:09 +0000 (+0200)
Subject: Tell OpenSSL that the data is gone
X-Git-Tag: release_3_0_0_beta0~553
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=001e28ce6623e52ceeca57475191e190d2ed725f;p=thirdparty%2Ffreeradius-server.git

Tell OpenSSL that the data is gone
---

diff --git a/src/main/tls.c b/src/main/tls.c
index c6a6b6ee14e..b1d1cf3e8b4 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -916,6 +916,8 @@ static int generate_eph_rsa_key(SSL_CTX *ctx)
 
 static void cbtls_remove_session(UNUSED SSL_CTX *ctx, SSL_SESSION *sess)
 {
+	int i;
+
 	size_t size;
 	VALUE_PAIR *vp;
 	char buffer[2 * MAX_SESSION_SIZE + 1];
@@ -930,6 +932,10 @@ static void cbtls_remove_session(UNUSED SSL_CTX *ctx, SSL_SESSION *sess)
 	vp = SSL_SESSION_get_ex_data(sess, FR_TLS_EX_INDEX_VPS);
 	if (vp) pairfree(&vp);
 
+	for (i = 0; i <= FR_TLS_EX_INDEX_STORE; i++) {
+		SSL_SESSION_get_ex_data(sess, i, NULL);
+	}
+
         SSL_SESSION_free(sess);
 
         return;