Use isc_tlsctx_attach() in TLS stream code
authorArtem Boldariev <artem@boldariev.com>
Tue, 22 Feb 2022 19:22:04 +0000 (21:22 +0200)
committerArtem Boldariev <artem@boldariev.com>
Wed, 6 Apr 2022 15:45:57 +0000 (18:45 +0300)
This commit adds proper reference counting for TLS contexts to the
generic TLS stream code.

lib/isc/netmgr/tlsstream.c

index d0c4868faefdb78676f9fcd2b53fac1e983c0396..dfff57f0dd7a1863c58b35d390fd8da432f9f488 100644 (file)
@@ -604,7 +604,8 @@ tlslisten_acceptcb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
                           &handle->sock->iface);
 
        /* We need to initialize SSL now to reference SSL_CTX properly */
-       tlssock->tlsstream.ctx = tlslistensock->tlsstream.ctx;
+       isc_tlsctx_attach(tlslistensock->tlsstream.ctx,
+                         &tlssock->tlsstream.ctx);
        tlssock->tlsstream.tls = isc_tls_create(tlssock->tlsstream.ctx);
        if (tlssock->tlsstream.tls == NULL) {
                atomic_store(&tlssock->closed, true);
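Review bot: The isc_tlsctx_attach() on lines 18-19 takes a reference before the result of isc_tls_create() is checked, so the failure branch that starts at `if (tlssock->tlsstream.tls == NULL)` must release it; if that branch detaches tlssock and the socket reaches isc__nm_tls_cleanup_data(), the new tlssocket branch there frees the context, otherwise the reference leaks. The rest of that failure path and of tlslisten_acceptcb lie outside the hunk, so I cannot confirm which it is from here. A one-line comment after the attach, `/* reference released in isc__nm_tls_cleanup_data() */`, would record where the balancing isc_tlsctx_free() lives.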
@@ -618,8 +619,6 @@ tlslisten_acceptcb(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
        tlssock->read_timeout = atomic_load(&handle->sock->mgr->init);
        tlssock->tid = isc_nm_tid();
 
-       tlssock->tlsstream.ctx = tlslistensock->tlsstream.ctx;
-
        result = initialize_tls(tlssock, true);
        RUNTIME_CHECK(result == ISC_R_SUCCESS);
        /* TODO: catch failure code, detach tlssock, and log the error */
@@ -644,7 +643,7 @@ isc_nm_listentls(isc_nm_t *mgr, isc_sockaddr_t *iface,
        tlssock->result = ISC_R_UNSET;
        tlssock->accept_cb = accept_cb;
        tlssock->accept_cbarg = accept_cbarg;
-       tlssock->tlsstream.ctx = sslctx;
+       isc_tlsctx_attach(sslctx, &tlssock->tlsstream.ctx);
        tlssock->tlsstream.tls = NULL;
 
        /*
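Review bot: isc_nm_listentls() now takes its own reference on `sslctx` (line 37) instead of borrowing the caller's pointer, so the caller keeps ownership and may release its context after the call; the public declaration should state this, e.g. a doc comment reading `The function takes its own reference on 'sslctx'; the caller retains ownership and must still release its own reference.` The same ownership note applies to the `ctx` parameter of isc_nm_tlsconnect() in the later hunk (line 55). Both function bodies continue outside their hunks.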
@@ -868,7 +867,7 @@ isc__nm_tls_stoplistening(isc_nmsocket_t *sock) {
        sock->recv_cbarg = NULL;
        if (sock->tlsstream.tls != NULL) {
                isc_tls_free(&sock->tlsstream.tls);
-               sock->tlsstream.ctx = NULL;
+               isc_tlsctx_free(&sock->tlsstream.ctx);
        }
 
        if (sock->outer != NULL) {
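Review bot: The isc_tlsctx_free() on line 46 is only reached when `sock->tlsstream.tls != NULL`, but the listener socket created in isc_nm_listentls() is set up with `tlsstream.tls = NULL`, so for that socket the reference taken there is not released here and is instead dropped by the new isc_nm_tlslistener branch in isc__nm_tls_cleanup_data(). That works, but the coupling is invisible from this function; either move the release out of the `tls != NULL` condition, `if (sock->tlsstream.ctx != NULL) { isc_tlsctx_free(&sock->tlsstream.ctx); }`, or add a comment saying the listener's context reference is released in cleanup. Note also that line 46 calls isc_tlsctx_free() without a NULL check while every call in the cleanup hunk is guarded with `!= NULL`; if isc_tlsctx_free() requires a non-NULL context, this call needs the same guard, and if it does not, the guards in cleanup are redundant — one convention should be used in both places.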
@@ -898,7 +897,7 @@ isc_nm_tlsconnect(isc_nm_t *mgr, isc_sockaddr_t *local, isc_sockaddr_t *peer,
        nsock->connect_cb = cb;
        nsock->connect_cbarg = cbarg;
        nsock->connect_timeout = timeout;
-       nsock->tlsstream.ctx = ctx;
+       isc_tlsctx_attach(ctx, &nsock->tlsstream.ctx);
 
        isc_nm_tcpconnect(mgr, local, peer, tcp_connected, nsock,
                          nsock->connect_timeout);
@@ -1011,13 +1010,19 @@ isc__nm_tls_cleanup_data(isc_nmsocket_t *sock) {
                REQUIRE(VALID_NMSOCK(sock->tlsstream.tlslistener));
                isc__nmsocket_detach(&sock->tlsstream.tlslistener);
        } else if (sock->type == isc_nm_tlssocket) {
+               if (sock->tlsstream.ctx != NULL) {
+                       isc_tlsctx_free(&sock->tlsstream.ctx);
+               }
                if (sock->tlsstream.tls != NULL) {
                        isc_tls_free(&sock->tlsstream.tls);
                        /* These are destroyed when we free SSL */
-                       sock->tlsstream.ctx = NULL;
                        sock->tlsstream.bio_out = NULL;
                        sock->tlsstream.bio_in = NULL;
                }
+       } else if (sock->type == isc_nm_tlslistener) {
+               if (sock->tlsstream.ctx != NULL) {
+                       isc_tlsctx_free(&sock->tlsstream.ctx);
+               }
        }
 }
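Review bot: In the isc_nm_tlssocket branch the context is now released (lines 63-65) before the SSL object created from it is freed on line 67, the reverse of the order used in isc__nm_tls_stoplistening(). This is presumably safe because the OpenSSL SSL object holds its own reference on the SSL_CTX, but the code reads as if the context could be gone while the SSL still exists; moving the `if (sock->tlsstream.ctx != NULL) { isc_tlsctx_free(&sock->tlsstream.ctx); }` block after the `tls != NULL` block keeps the release order the same in both functions and makes the dependency obvious. The new isc_nm_tlslistener branch would also benefit from a comment explaining that it exists because the listener socket never has a tlsstream.tls and so skips the release in stoplistening.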