diff options
Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
| -rw-r--r-- | src/lib/libssl/ssl_lib.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index ab172aeaec..4bc4ce5b3a 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1405,13 +1405,24 @@ void SSL_CTX_free(SSL_CTX *a) | |||
| 1405 | abort(); /* ok */ | 1405 | abort(); /* ok */ |
| 1406 | } | 1406 | } |
| 1407 | #endif | 1407 | #endif |
| 1408 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | ||
| 1409 | 1408 | ||
| 1409 | /* | ||
| 1410 | * Free internal session cache. However: the remove_cb() may reference | ||
| 1411 | * the ex_data of SSL_CTX, thus the ex_data store can only be removed | ||
| 1412 | * after the sessions were flushed. | ||
| 1413 | * As the ex_data handling routines might also touch the session cache, | ||
| 1414 | * the most secure solution seems to be: empty (flush) the cache, then | ||
| 1415 | * free ex_data, then finally free the cache. | ||
| 1416 | * (See ticket [openssl.org #212].) | ||
| 1417 | */ | ||
| 1410 | if (a->sessions != NULL) | 1418 | if (a->sessions != NULL) |
| 1411 | { | ||
| 1412 | SSL_CTX_flush_sessions(a,0); | 1419 | SSL_CTX_flush_sessions(a,0); |
| 1420 | |||
| 1421 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); | ||
| 1422 | |||
| 1423 | if (a->sessions != NULL) | ||
| 1413 | lh_free(a->sessions); | 1424 | lh_free(a->sessions); |
| 1414 | } | 1425 | |
| 1415 | if (a->cert_store != NULL) | 1426 | if (a->cert_store != NULL) |
| 1416 | X509_STORE_free(a->cert_store); | 1427 | X509_STORE_free(a->cert_store); |
| 1417 | if (a->cipher_list != NULL) | 1428 | if (a->cipher_list != NULL) |