jpeach pushed a commit to branch master
in repository https://git-dual.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 3303385 Release SSL sessions with SSLReleaseContext.
3303385 is described below
commit 3303385fe591012e13c352c43dc95d52e8f4617f
Author: James Peach <[email protected]>
AuthorDate: Sun Apr 24 16:31:12 2016 -0700
Release SSL sessions with SSLReleaseContext.
We should prefer SSLReleaseContext() to raw SSL_CTX_free().
SSLReleaseContext() was originally added when we needed to do
additional cleanup to what SSL_CTX_free() does. We don't need this
any more, but it is still worth using SSLReleaseContext() for API
consistency and future-proofing.
---
iocore/net/P_SSLUtils.h | 3 ++-
iocore/net/SSLCertLookup.cc | 7 +++----
iocore/net/SSLClientUtils.cc | 2 +-
iocore/net/SSLNetProcessor.cc | 6 ++----
iocore/net/SSLUtils.cc | 14 ++++++++------
5 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/iocore/net/P_SSLUtils.h b/iocore/net/P_SSLUtils.h
index 9a15426..d4dd94d 100644
--- a/iocore/net/P_SSLUtils.h
+++ b/iocore/net/P_SSLUtils.h
@@ -123,7 +123,8 @@ void SSLInitializeLibrary();
// Initialize SSL statistics.
void SSLInitializeStatistics();
-// Release SSL_CTX and the associated data
+// Release SSL_CTX and the associated data. This works for both
+// client and server contexts and gracefully accepts NULL.
void SSLReleaseContext(SSL_CTX *ctx);
// Wrapper functions to SSL I/O routines
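Review bot: The new comment on `SSLReleaseContext()` does not say that the call leaves the caller's pointer dangling, which is why the call sites in SSLCertLookup.cc, SSLNetProcessor.cc and ssl_store_ssl_context each follow it with `ctx = NULL`. SSL_CTX objects are reference counted, so `SSL_CTX_free()` drops one reference and the data is only freed when the last holder releases it; "Release SSL_CTX and the associated data" reads as an unconditional free. I would extend the comment with something like `// Drops one reference; the caller's pointer is not cleared, so reset it to NULL if it stays in scope.`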
diff --git a/iocore/net/SSLCertLookup.cc b/iocore/net/SSLCertLookup.cc
index 5a865ae..9c0cdb6 100644
--- a/iocore/net/SSLCertLookup.cc
+++ b/iocore/net/SSLCertLookup.cc
@@ -166,10 +166,9 @@ SSLCertContext::release()
ticket_block_free(keyblock);
keyblock = NULL;
}
- if (ctx) {
- SSL_CTX_free(ctx);
- ctx = NULL;
- }
+
+ SSLReleaseContext(ctx);
+ ctx = NULL;
}
SSLCertLookup::SSLCertLookup() : ssl_storage(new SSLContextStorage()),
ssl_default(NULL), is_valid(true)
diff --git a/iocore/net/SSLClientUtils.cc b/iocore/net/SSLClientUtils.cc
index be78389..97d4d08 100644
--- a/iocore/net/SSLClientUtils.cc
+++ b/iocore/net/SSLClientUtils.cc
@@ -181,6 +181,6 @@ SSLInitClientContext(const SSLConfigParams *params)
return client_ctx;
fail:
- SSL_CTX_free(client_ctx);
+ SSLReleaseContext(client_ctx);
_exit(1);
}
diff --git a/iocore/net/SSLNetProcessor.cc b/iocore/net/SSLNetProcessor.cc
index 7203dc7..9d2ef47 100644
--- a/iocore/net/SSLNetProcessor.cc
+++ b/iocore/net/SSLNetProcessor.cc
@@ -52,10 +52,8 @@ struct OCSPContinuation : public Continuation {
void
SSLNetProcessor::cleanup(void)
{
- if (client_ctx) {
- SSL_CTX_free(client_ctx);
- client_ctx = NULL;
- }
+ SSLReleaseContext(client_ctx);
+ client_ctx = NULL;
}
int
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 96af263..bd41877 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1019,7 +1019,7 @@ SSLInitializeStatistics()
}
SSL_free(ssl);
- SSL_CTX_free(ctx);
+ SSLReleaseContext(ctx);
}
// return true if we have a stat for the error
@@ -1554,7 +1554,7 @@ SSLInitServerContext(const SSLConfigParams *params, const
ssl_user_config &sslMu
fail:
SSL_CLEAR_PW_REFERENCES(ud, ctx)
- SSL_CTX_free(ctx);
+ SSLReleaseContext(ctx);
for (unsigned int i = 0; i < certList.length(); i++) {
X509_free(certList[i]);
}
@@ -1800,15 +1800,16 @@ ssl_store_ssl_context(const SSLConfigParams *params,
SSLCertLookup *lookup, cons
SSLConfigParams::init_ssl_ctx_cb(ctx, true);
}
}
+
if (!inserted) {
- if (ctx != NULL) {
- SSL_CTX_free(ctx);
- ctx = NULL;
- }
+ SSLReleaseContext(ctx);
+ ctx = NULL;
}
+
for (unsigned int i = 0; i < cert_list.length(); i++) {
X509_free(cert_list[i]);
}
+
return ctx;
}
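Review bot: `ssl_store_ssl_context` still returns `ctx` on the inserted path, and nothing in the hunk says whether that pointer is borrowed from `lookup` or owned by the caller. Now that there is a single release entry point, a caller that hands the return value to `SSLReleaseContext()` could free a context the lookup still holds, assuming insertion does not take its own reference (the insert code is outside this hunk). A comment above the function such as `// Returns a pointer owned by lookup, or NULL if the context was not stored; callers must not release it.` would make the contract explicit. The function body starts outside the hunk.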
@@ -2026,6 +2027,7 @@ ssl_callback_session_ticket(SSL *ssl, unsigned char
*keyname, unsigned char *iv,
void
SSLReleaseContext(SSL_CTX *ctx)
{
+ // SSL_CTX_free() does nothing if ctx in NULL, so there's no need to check.
SSL_CTX_free(ctx);
}
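Review bot: The comment added in `SSLReleaseContext` has a typo, `if ctx in NULL` should read `if ctx is NULL`. It also repeats the NULL guarantee that the header comment in P_SSLUtils.h now gives, so a shorter `// SSL_CTX_free() is a no-op on NULL.` would be enough here.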