On Fri, Oct 09, 2015 at 01:46:50PM +0200, Christopher Faulet wrote: > ssl_ctx_lru_tree could be defined outside the ifdef, but it is only used > when SNI extension is available. So there is no reason to initialize it > if there is no SNI. > > Then, when SNI is available, the tree can be NULL if the cache of > generated certificates is disabled (tune.ssl.ssl-ctx-cache-size == 0). > So, in this situation, we need to free the certificate when the SSL > connection is closed to avoid memory leak. We could want to generate > dynamically SSL certificates without any cache.
Ah OK that makes sense now, thank you! Willy
