mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-08 16:17:09 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: ssl: free the crtlist and the ckch during the deinit()

Browse Source 
Add some functions to deinit the whole crtlist and ckch architecture.

It will free all crtlist, crtlist_entry, ckch_store, ckch_inst and their
associated SNI, ssl_conf and SSL_CTX.

The SSL_CTX in the default_ctx and initial_ctx still needs to be free'd
separately.
This commit is contained in:
William Lallemand 2020-06-23 18:19:42 +02:00 committed by William Lallemand
parent 6a3168ae84
commit ee8530c65e
5 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/haproxy/ssl_ckch.h
View File

@ -61,5 +61,7 @@ int ckch_inst_new_load_multi_store(const char *path, struct ckch_store *ckchs,
int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf, int ckch_inst_new_load_store(const char *path, struct ckch_store *ckchs, struct bind_conf *bind_conf,
struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err); struct ssl_bind_conf *ssl_conf, char **sni_filter, int fcount, struct ckch_inst **ckchi, char **err);
void ckch_deinit();
#endif /* USE_OPENSSL */ #endif /* USE_OPENSSL */
#endif /* _HAPROXY_SSL_CRTLIST_H */ #endif /* _HAPROXY_SSL_CRTLIST_H */

3
include/haproxy/ssl_crtlist.h
View File

@ -41,5 +41,8 @@ struct crtlist *crtlist_new(const char *filename, int unique);
int crtlist_parse_line(char *line, char **crt_path, struct crtlist_entry *entry, const char *file, int linenum, char **err); int crtlist_parse_line(char *line, char **crt_path, struct crtlist_entry *entry, const char *file, int linenum, char **err);
int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, struct crtlist **crtlist, char **err); int crtlist_parse_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, struct crtlist **crtlist, char **err);
int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct crtlist **crtlist, char **err); int crtlist_load_cert_dir(char *path, struct bind_conf *bind_conf, struct crtlist **crtlist, char **err);
void crtlist_deinit();
#endif /* USE_OPENSSL */ #endif /* USE_OPENSSL */
#endif /* _HAPROXY_SSL_CRTLIST_H */ #endif /* _HAPROXY_SSL_CRTLIST_H */

4
src/haproxy.c
View File

@ -2785,6 +2785,10 @@ void deinit(void)
free(l); free(l);
} }
/* SSL storage */
crtlist_deinit(); /* must be free'd before the ckchs */
ckch_deinit();
/* Release unused SSL configs. */ /* Release unused SSL configs. */
list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) { list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
if (bind_conf->xprt->destroy_bind_conf) if (bind_conf->xprt->destroy_bind_conf)

13
src/ssl_ckch.c
View File

@ -1889,6 +1889,19 @@ static int cli_parse_del_cert(char **args, char *payload, struct appctx *appctx,
return cli_dynerr(appctx, err); return cli_dynerr(appctx, err);
} }
void ckch_deinit()
{
struct eb_node *node, *next;
struct ckch_store *store;
node = eb_first(&ckchs_tree);
while (node) {
next = eb_next(node);
store = ebmb_entry(node, struct ckch_store, node);
ckch_store_free(store);
node = next;
}
}
/* register cli keywords */ /* register cli keywords */
static struct cli_kw_list cli_kws = {{ },{ static struct cli_kw_list cli_kws = {{ },{

15
src/ssl_crtlist.c
View File

@ -1265,6 +1265,21 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc
} }
/* unlink and free all crt-list and crt-list entries */
void crtlist_deinit()
{
struct eb_node *node, *next;
struct crtlist *crtlist;
node = eb_first(&crtlists_tree);
while (node) {
next = eb_next(node);
crtlist = ebmb_entry(node, struct crtlist, node);
crtlist_free(crtlist);
node = next;
}
}
/* register cli keywords */ /* register cli keywords */
static struct cli_kw_list cli_kws = {{ },{ static struct cli_kw_list cli_kws = {{ },{