X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=libraries%2Flibldap%2Ftls.c;h=504263ed14d3df89323f441daa95596dc9ba1d8a;hb=623a7a9fe2619abf658fec3d5f690a5ba240e4f3;hp=2ba33970f1af18818edc33c7b512ab4ccaa2a75f;hpb=d18277eac91d35484c5b4e5db83000f8dceff222;p=openldap

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 2ba33970f1..504263ed14 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -111,8 +111,10 @@ static void tls_init_threads( void )
 void
 ldap_int_tls_destroy( struct ldapoptions *lo )
 {
-	SSL_CTX_free( lo->ldo_tls_ctx );
-	lo->ldo_tls_ctx = NULL;
+	if ( lo->ldo_tls_ctx ) {
+		SSL_CTX_free( lo->ldo_tls_ctx );
+		lo->ldo_tls_ctx = NULL;
+	}
 
 	if ( lo->ldo_tls_certfile ) {
 		LDAP_FREE( lo->ldo_tls_certfile );
@@ -146,6 +148,10 @@ ldap_int_tls_destroy( struct ldapoptions *lo )
 void
 ldap_pvt_tls_destroy( void )
 {
+	struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT();   
+
+	ldap_int_tls_destroy( lo );
+
 	EVP_cleanup();
 	ERR_remove_state(0);
 	ERR_free_strings();
@@ -1245,6 +1251,10 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
 		break;
 	case LDAP_OPT_X_TLS_CTX:
 		*(void **)arg = lo->ldo_tls_ctx;
+		if ( lo->ldo_tls_ctx ) {
+			SSL_CTX *ctx = lo->ldo_tls_ctx;
+			CRYPTO_add( &ctx->references, 1, CRYPTO_LOCK_SSL_CTX );
+		}
 		break;
 	case LDAP_OPT_X_TLS_CACERTFILE:
 		*(char **)arg = lo->ldo_tls_cacertfile ?
@@ -1343,6 +1353,8 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 		return -1;
 
 	case LDAP_OPT_X_TLS_CTX:
+		if ( lo->ldo_tls_ctx )
+			SSL_CTX_free( lo->ldo_tls_ctx );
 		lo->ldo_tls_ctx = arg;
 		return 0;
 	case LDAP_OPT_X_TLS_CONNECT_CB:
@@ -1409,6 +1421,8 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 
 	case LDAP_OPT_X_TLS_NEWCTX:
 		if ( !arg ) return -1;
+		if ( lo->ldo_tls_ctx )
+			SSL_CTX_free( lo->ldo_tls_ctx );
 		lo->ldo_tls_ctx = NULL;
 		return ldap_int_tls_init_ctx( lo, *(int *)arg );
 	default: