BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer.

​
As the server early data buffer is allocated in the middle of the loop
used to allocate the SSL session without being freed before retrying,
this leads to a memory leak.
​
To fix this we move the section of code responsible of this early data buffer
alloction after the one reponsible of allocating the SSL session.
​
Must be backported to 2.1 and 2.0.

src/ssl_sock.c

@@ -5999,18 +5999,6 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 			conn->err_code = CO_ER_SSL_NO_MEM;
 			goto err;
 		}
-#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
-		if (__objt_listener(conn->target)->bind_conf->ssl_conf.early_data) {
-			b_alloc(&ctx->early_buf);
-			SSL_set_max_early_data(ctx->ssl,
-			    /* Only allow early data if we managed to allocate
-			     * a buffer.
-			     */
-			    (!b_is_null(&ctx->early_buf)) ?
-			    global.tune.bufsize - global.tune.maxrewrite : 0);
-		}
-#endif
-
 		ctx->bio = BIO_new(ha_meth);
 		if (!ctx->bio) {
 			if (may_retry--) {
@@ -6035,6 +6023,18 @@ static int ssl_sock_init(struct connection *conn, void **xprt_ctx)
 			goto err;
 		}
 
+#if (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
+		if (__objt_listener(conn->target)->bind_conf->ssl_conf.early_data) {
+			b_alloc(&ctx->early_buf);
+			SSL_set_max_early_data(ctx->ssl,
+			    /* Only allow early data if we managed to allocate
+			     * a buffer.
+			     */
+			    (!b_is_null(&ctx->early_buf)) ?
+			    global.tune.bufsize - global.tune.maxrewrite : 0);
+		}
+#endif
+
 		SSL_set_accept_state(ctx->ssl);
 
 		/* leave init state and start handshake */