From ea886ed62b214d67b9c8163b78cdcc497810deea Mon Sep 17 00:00:00 2001
From: Alex Rousskov
Date: Wed, 20 Aug 2014 18:29:33 -0600
Subject: [PATCH] Do not leak fake SSL certificate context cache when reconfigure changes port addresses. We believe that deleting a cached LocalContextStorage object does not actually affect connections that use the corresponding SSL_CTX and certificate because any SSL object using those things increments their sharing counter and deleting LocalContextStorage only decrements that counter. The [cached] SSL_CTX object is not destroyed by SSL_CTX_free until that sharing counter reaches zero.
---
 src/ssl/context_storage.cc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/ssl/context_storage.cc b/src/ssl/context_storage.cc
index f0cb0005a8..a2e0bd7884 100644
--- a/src/ssl/context_storage.cc
+++ b/src/ssl/context_storage.cc
@@ -90,6 +90,7 @@ void Ssl::GlobalContextStorage::reconfigureFinish()
 for (std::map::iterator i = storage.begin(); i != storage.end(); ++i) {
 std::map::iterator conf_i = configureStorage.find(i->first);
 if (conf_i == configureStorage.end() || conf_i->second <= 0) {
+ delete i->second;
 storage.erase(i);
 } else {
 i->second->setMemLimit(conf_i->second);
-- 
2.47.3
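Review bot: The branch that now runs `delete i->second;` still ends in `storage.erase(i);`, and the for header then applies `++i` to the erased element's iterator, which is undefined behaviour for std::map (unless code after the hunk leaves the loop first). Advancing before the erase avoids it: drop `++i` from the for header, use `storage.erase(i++);` here, and add `++i;` at the end of the else branch, whose closing lines are outside this hunk. The safety of the delete rests on the reference counting described in the commit message, which is not visible in this file; a short comment on the added line such as `// in-use SSL_CTX objects stay alive via their own reference counts` would keep that reasoning next to the code.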