1 files changed, 10 insertions, 3 deletions

diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 446f93430d..b639873df4 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.61 2017/04/05 03:19:22 beck Exp $ */
+/* $OpenBSD: tls.c,v 1.62 2017/05/06 20:59:28 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -50,6 +50,8 @@ tls_init(void)
         if ((tls_config_default = tls_config_new()) == NULL)
                 return (-1);
 
+        tls_config_default->refcount++;
+
         tls_initialised = 1;
 
         return (0);
@@ -230,9 +232,8 @@ tls_new(void)
         if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
                 return (NULL);
 
-        ctx->config = tls_config_default;
-
         tls_reset(ctx);
+        tls_configure(ctx, tls_config_default);
 
         return (ctx);
 }
@@ -243,6 +244,9 @@ tls_configure(struct tls *ctx, struct tls_config *config)
         if (config == NULL)
                 config = tls_config_default;
 
+        config->refcount++;
+
+        tls_config_free(ctx->config);
         ctx->config = config;
 
         if ((ctx->flags & TLS_SERVER) != 0)
@@ -521,6 +525,9 @@ tls_reset(struct tls *ctx)
 {
         struct tls_sni_ctx *sni, *nsni;
 
+        tls_config_free(ctx->config);
+        ctx->config = NULL;
+
         SSL_CTX_free(ctx->ssl_ctx);
         SSL_free(ctx->ssl_conn);
         X509_free(ctx->ssl_peer_cert);