tls: Fix SSL_CTX leak on every client session
Type: fix Change-Id: I35b3920288269073cdd35f79c938396128d169c9 Signed-off-by: Brian Morris <bmorris2@cisco.com>

committed by
Florin Coras

parent
9eaf377a38
commit
733e093e70
@ -72,7 +72,7 @@ openssl_ctx_free (tls_ctx_t * ctx)
|
|||||||
|
|
||||||
SSL_free (oc->ssl);
|
SSL_free (oc->ssl);
|
||||||
vec_free (ctx->srv_hostname);
|
vec_free (ctx->srv_hostname);
|
||||||
|
SSL_CTX_free (oc->client_ssl_ctx);
|
||||||
#ifdef HAVE_OPENSSL_ASYNC
|
#ifdef HAVE_OPENSSL_ASYNC
|
||||||
openssl_evt_free (ctx->evt_index, ctx->c_thread_index);
|
openssl_evt_free (ctx->evt_index, ctx->c_thread_index);
|
||||||
#endif
|
#endif
|
||||||
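Review bot: The new `SSL_CTX_free (oc->client_ssl_ctx);` runs for every ctx, including server-side sessions that never go through openssl_ctx_init_client, so it is only safe because SSL_CTX_free(NULL) is a no-op and client_ssl_ctx is presumably zero-initialized when the ctx is allocated (not visible here). A short comment would make that dependency explicit, e.g. `/* NULL for server sessions; SSL_CTX_free (NULL) is a no-op */`. If tls_ctx_openssl_t objects are pooled and reused rather than discarded, also clear the pointer after the free (`oc->client_ssl_ctx = NULL;`) so a stale value cannot be freed a second time. openssl_ctx_free's body starts and ends outside the hunk.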
@ -739,30 +739,31 @@ openssl_ctx_init_client (tls_ctx_t * ctx)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
oc->ssl_ctx = SSL_CTX_new (method);
|
oc->client_ssl_ctx = SSL_CTX_new (method);
|
||||||
if (oc->ssl_ctx == NULL)
|
if (oc->client_ssl_ctx == NULL)
|
||||||
{
|
{
|
||||||
TLS_DBG (1, "SSL_CTX_new returned null");
|
TLS_DBG (1, "SSL_CTX_new returned null");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_CTX_set_ecdh_auto (oc->ssl_ctx, 1);
|
SSL_CTX_set_ecdh_auto (oc->client_ssl_ctx, 1);
|
||||||
SSL_CTX_set_mode (oc->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
|
SSL_CTX_set_mode (oc->client_ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
|
||||||
#ifdef HAVE_OPENSSL_ASYNC
|
#ifdef HAVE_OPENSSL_ASYNC
|
||||||
if (om->async)
|
if (om->async)
|
||||||
SSL_CTX_set_mode (oc->ssl_ctx, SSL_MODE_ASYNC);
|
SSL_CTX_set_mode (oc->client_ssl_ctx, SSL_MODE_ASYNC);
|
||||||
#endif
|
#endif
|
||||||
rv = SSL_CTX_set_cipher_list (oc->ssl_ctx, (const char *) om->ciphers);
|
rv =
|
||||||
|
SSL_CTX_set_cipher_list (oc->client_ssl_ctx, (const char *) om->ciphers);
|
||||||
if (rv != 1)
|
if (rv != 1)
|
||||||
{
|
{
|
||||||
TLS_DBG (1, "Couldn't set cipher");
|
TLS_DBG (1, "Couldn't set cipher");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
SSL_CTX_set_options (oc->ssl_ctx, flags);
|
SSL_CTX_set_options (oc->client_ssl_ctx, flags);
|
||||||
SSL_CTX_set_cert_store (oc->ssl_ctx, om->cert_store);
|
SSL_CTX_set1_cert_store (oc->client_ssl_ctx, om->cert_store);
|
||||||
|
|
||||||
oc->ssl = SSL_new (oc->ssl_ctx);
|
oc->ssl = SSL_new (oc->client_ssl_ctx);
|
||||||
if (oc->ssl == NULL)
|
if (oc->ssl == NULL)
|
||||||
{
|
{
|
||||||
TLS_DBG (1, "Couldn't initialize ssl struct");
|
TLS_DBG (1, "Couldn't initialize ssl struct");
|
||||||
|
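Review bot: The `if (rv != 1)` branch after SSL_CTX_set_cipher_list, and the `if (oc->ssl == NULL)` branch that begins at the end of the hunk, return -1 with `oc->client_ssl_ctx` still allocated; that SSL_CTX is only reclaimed if the caller responds to -1 by running openssl_ctx_free, which is not visible here. If it does not, those branches need `SSL_CTX_free (oc->client_ssl_ctx); oc->client_ssl_ctx = NULL;` before `return -1;`. The switch to `SSL_CTX_set1_cert_store` is what makes freeing a per-session ctx safe — `SSL_CTX_set_cert_store` hands ownership of om->cert_store to the ctx, so the old call combined with the new free would have destroyed the shared store — and that reasoning deserves a one-line comment at the call site, e.g. `/* set1: take a reference, the store is shared across sessions and freed with om */`. SSL_CTX_set1_cert_store is an OpenSSL 1.1.0+ API, so if older OpenSSL versions are still a supported build target this needs a version guard. openssl_ctx_init_client's body starts and ends outside the hunk.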
@ -33,7 +33,7 @@ typedef struct tls_ctx_openssl_
|
|||||||
{
|
{
|
||||||
tls_ctx_t ctx; /**< First */
|
tls_ctx_t ctx; /**< First */
|
||||||
u32 openssl_ctx_index;
|
u32 openssl_ctx_index;
|
||||||
SSL_CTX *ssl_ctx;
|
SSL_CTX *client_ssl_ctx;
|
||||||
SSL *ssl;
|
SSL *ssl;
|
||||||
BIO *rbio;
|
BIO *rbio;
|
||||||
BIO *wbio;
|
BIO *wbio;
|
||||||
|