MINOR: ssl: Release Servers SSL context when HAProxy is shut down

[wt: could be backported to 1.5 as well]
2015-07-29 13:02:40 +02:00 · 2015-07-29 13:02:40 +02:00 · 77fe80c0b4
parent d2cab92e75
commit 77fe80c0b4
3 changed files with 13 additions and 0 deletions
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@ -46,6 +46,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag);
 int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy *proxy);
 int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf, struct proxy *px);
 int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *px);
+void ssl_sock_free_srv_ctx(struct server *srv);
 void ssl_sock_free_all_ctx(struct bind_conf *bind_conf);
 int ssl_sock_load_ca(struct bind_conf *bind_conf, struct proxy *px);
 void ssl_sock_free_ca(struct bind_conf *bind_conf);
--- a/src/haproxy.c
+++ b/src/haproxy.c
@ -1411,6 +1411,10 @@ void deinit(void)
 			free(s->agent.bi);
 			free(s->agent.bo);
 			free((char*)s->conf.file);
+#ifdef USE_OPENSSL
+			if (s->use_ssl || s->check.use_ssl)
+				ssl_sock_free_srv_ctx(s);
+#endif
 			free(s);
 			s = s_next;
 		}/* end while(s) */
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -2444,6 +2444,14 @@ int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf, struct proxy *px)
 	return err;
 }

+
+/* release ssl context allocated for servers. */
+void ssl_sock_free_srv_ctx(struct server *srv)
+{
+	if (srv->ssl_ctx.ctx)
+		SSL_CTX_free(srv->ssl_ctx.ctx);
+}
+
 /* Walks down the two trees in bind_conf and frees all the certs. The pointer may
 * be NULL, in which case nothing is done. The default_ctx is nullified too.
 */