The previous fix da95fd90 ("BUILD/MINOR: ssl: fix build with non-alpn/
non-npn libssl") does fix the build in old OpenSSL release, but I
overlooked that the ctx is only freed when NPN is supported.
Fix this by moving the #endif to the proper place (this was broken in
c7566001 ("MINOR: server: Add "alpn" and "npn" keywords")).
---
>> Move the #ifdef's around so that we build again with older OpenSSL
>> releases (0.9.8 was tested).
>
> Applied, thank you Lukas!
I didn't see the real issue, the entire #ifdef was in the wrong place
and we have to move the #endif as well, otherwise we don't free the ctx
when NPN is not supported.
---
src/ssl_sock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 86d4f22..a73fb2d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4846,9 +4846,9 @@ void ssl_sock_free_srv_ctx(struct server *srv)
#ifdef OPENSSL_NPN_NEGOTIATED
if (srv->ssl_ctx.npn_str)
free(srv->ssl_ctx.npn_str);
+#endif
if (srv->ssl_ctx.ctx)
SSL_CTX_free(srv->ssl_ctx.ctx);
-#endif
}
/* Walks down the two trees in bind_conf and frees all the certs. The pointer
may
--
2.7.4