From 58feb49ed2d718ac7f5ea20223562a52be85c121 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Wed, 7 Oct 2020 13:20:23 +0200
Subject: [PATCH] CLEANUP: ssl: Release cached SSL sessions on deinit

On deinit, when the server SSL ctx is released, we must take care to release the
cached SSL sessions stored in the array <ssl_ctx.reused_sess>. There are
global.nbthread entries in this array, each one may have a pointer on a cached
session.

This patch should fix the issue #802. No backport needed.
---
 src/ssl_sock.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index aa9061a6b3..cce06cd62f 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4721,6 +4721,14 @@ void ssl_sock_free_srv_ctx(struct server *srv)
 	if (srv->ssl_ctx.npn_str)
 		free(srv->ssl_ctx.npn_str);
 #endif
+	if (srv->ssl_ctx.reused_sess) {
+		int i;
+
+		for (i = 0; i < global.nbthread; i++)
+			free(srv->ssl_ctx.reused_sess[i].ptr);
+		free(srv->ssl_ctx.reused_sess);
+	}
+
 	if (srv->ssl_ctx.ctx)
 		SSL_CTX_free(srv->ssl_ctx.ctx);
 }
-- 
2.47.3