mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-21 22:01:31 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: ssl: free correctly the sni in the backend SSL cache

Browse Source 
__ssl_sock_load_new_ckch_instance() does not free correctly the SNI in
the session cache, it only frees the one in the current tid.

This bug was introduced with e18d4e8 ("BUG/MEDIUM: ssl: backend TLS
resumption with sni and TLSv1.3").

This fix must be backported where the mentionned commit was backported.
(all maintained versions).
This commit is contained in:
William Lallemand 2021-11-23 15:15:09 +01:00
parent a4d09e7ffd
commit ce9903319c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssl_ckch.c
View File

@ -1799,7 +1799,7 @@ static void __ssl_sock_load_new_ckch_instance(struct ckch_inst *ckchi)
/* flush the session cache of the server */
for (i = 0; i < global.nbthread; i++) {
ha_free(&ckchi->server->ssl_ctx.reused_sess[tid].sni);
ha_free(&ckchi->server->ssl_ctx.reused_sess[i].sni);
ha_free(&ckchi->server->ssl_ctx.reused_sess[i].ptr);
}
HA_RWLOCK_WRUNLOCK(SSL_SERVER_LOCK, &ckchi->server->ssl_ctx.lock);