1 files changed, 14 insertions, 10 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 4a87a146e3..4bc4ce5b3a 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a)
                abort(); /* ok */
                }
 #endif
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+        /*
+         * Free internal session cache. However: the remove_cb() may reference
+         * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+         * after the sessions were flushed.
+         * As the ex_data handling routines might also touch the session cache,
+         * the most secure solution seems to be: empty (flush) the cache, then
+         * free ex_data, then finally free the cache.
+         * (See ticket [openssl.org #212].)
+         */
        if (a->sessions != NULL)
-                {
                SSL_CTX_flush_sessions(a,0);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+        if (a->sessions != NULL)
                lh_free(a->sessions);
-                }
        if (a->cert_store != NULL)
                X509_STORE_free(a->cert_store);
        if (a->cipher_list != NULL)
@@ -2289,10 +2300,3 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
 IMPLEMENT_STACK_OF(SSL_CIPHER)
 IMPLEMENT_STACK_OF(SSL_COMP)
-void OpenSSLDie(const char *file,int line,const char *assertion)
-    {
-    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
-            file,line,assertion);
-    abort();
-    }

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 4a87a146e3..4bc4ce5b3a 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a)
1405	abort(); /* ok */	1405	abort(); /* ok */
1406	}	1406	}
1407	#endif	1407	#endif
1408	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
1409		1408
		1409	/*
		1410	* Free internal session cache. However: the remove_cb() may reference
		1411	* the ex_data of SSL_CTX, thus the ex_data store can only be removed
		1412	* after the sessions were flushed.
		1413	* As the ex_data handling routines might also touch the session cache,
		1414	* the most secure solution seems to be: empty (flush) the cache, then
		1415	* free ex_data, then finally free the cache.
		1416	* (See ticket [openssl.org #212].)
		1417	*/
1410	if (a->sessions != NULL)	1418	if (a->sessions != NULL)
1411	{
1412	SSL_CTX_flush_sessions(a,0);	1419	SSL_CTX_flush_sessions(a,0);
		1420
		1421	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
		1422
		1423	if (a->sessions != NULL)
1413	lh_free(a->sessions);	1424	lh_free(a->sessions);
1414	}	1425
1415	if (a->cert_store != NULL)	1426	if (a->cert_store != NULL)
1416	X509_STORE_free(a->cert_store);	1427	X509_STORE_free(a->cert_store);
1417	if (a->cipher_list != NULL)	1428	if (a->cipher_list != NULL)
@@ -2289,10 +2300,3 @@ void SSL_set_msg_callback(SSL ssl, void (cb)(int write_p, int version, int con
2289		2300
2290	IMPLEMENT_STACK_OF(SSL_CIPHER)	2301	IMPLEMENT_STACK_OF(SSL_CIPHER)
2291	IMPLEMENT_STACK_OF(SSL_COMP)	2302	IMPLEMENT_STACK_OF(SSL_COMP)
2292
2293	void OpenSSLDie(const char file,int line,const char assertion)
2294	{
2295	fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
2296	file,line,assertion);
2297	abort();
2298	}