this will be useful if we want to be able to call it at runtime through
the CLI. Not 100% mandatory but might be a good protection for future
use.

Signed-off-by: William Dauchy <w.dau...@criteo.com>
---
 src/ssl_sock.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index aa9061a6b..0ef7a912b 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4408,6 +4408,10 @@ int ssl_sock_prepare_srv_ctx(struct server *srv)
        if (srv->use_ssl == 1)
                srv->xprt = &ssl_sock;
 
+       /* avoid to leak another ctx if ctx is already allocated */
+       if (srv->ssl_ctx.ctx)
+               return cfgerr;
+
        ctx = SSL_CTX_new(SSLv23_client_method());
        if (!ctx) {
                ha_alert("config : %s '%s', server '%s': unable to allocate ssl 
context.\n",
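Review bot: The early return added to ssl_sock_prepare_srv_ctx() hands back plain `cfgerr` when `srv->ssl_ctx.ctx` is already set, so a caller gets no indication that nothing was rebuilt. If this function is later driven from the CLI after the server's TLS settings have changed, the existing context would stay in use with whatever settings it was originally built with, and without any message. The rest of the function lies outside the hunk, so this is inferred from where the guard sits. I would state the contract in the comment, e.g. `/* ctx already allocated: keep it untouched; call ssl_sock_free_srv_ctx() first to rebuild it with new settings */`, which also fixes the "avoid to leak" wording.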
@@ -4714,15 +4718,21 @@ int ssl_sock_prepare_bind_conf(struct bind_conf 
*bind_conf)
 void ssl_sock_free_srv_ctx(struct server *srv)
 {
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
-       if (srv->ssl_ctx.alpn_str)
+       if (srv->ssl_ctx.alpn_str) {
                free(srv->ssl_ctx.alpn_str);
+               srv->ssl_ctx.alpn_str = NULL;
+       }
 #endif
 #ifdef OPENSSL_NPN_NEGOTIATED
-       if (srv->ssl_ctx.npn_str)
+       if (srv->ssl_ctx.npn_str) {
                free(srv->ssl_ctx.npn_str);
+               srv->ssl_ctx.npn_str = NULL;
+       }
 #endif
-       if (srv->ssl_ctx.ctx)
+       if (srv->ssl_ctx.ctx) {
                SSL_CTX_free(srv->ssl_ctx.ctx);
+               srv->ssl_ctx.ctx = NULL;
+       }
 }
 
 /* Walks down the two trees in bind_conf and frees all the certs. The pointer 
may
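Review bot: Resetting the pointers in ssl_sock_free_srv_ctx() makes a repeated call harmless, but it does not by itself make the function safe to call at runtime, as the description envisages. Nothing visible here stops another thread from reading `srv->ssl_ctx.ctx` or the ALPN/NPN strings while they are being freed; whether such readers exist cannot be seen from this hunk. I would record the requirement on the function, e.g. `/* Caller must ensure no other thread uses srv->ssl_ctx while this runs; released pointers are reset to NULL so the call can be repeated. */`. As a style point, the `if` guards around `free()` are redundant because `free(NULL)` is a no-op, so `free(srv->ssl_ctx.alpn_str); srv->ssl_ctx.alpn_str = NULL;` would be enough.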
-- 
2.28.0

