From: Howard Chu <hyc@openldap.org>
Date: Sun, 2 Jul 2006 22:38:01 +0000 (+0000)
Subject: Fix TLS CTX ref counting
X-Git-Tag: OPENLDAP_REL_ENG_2_4_3ALPHA~9^2~67
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=a7870943f78ec3792d9b597ef814f26c4ed37b49;p=openldap

Fix TLS CTX ref counting
---

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 3d8333f64a..fc2e31d55a 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -1366,6 +1366,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 		if ( lo->ldo_tls_ctx )
 			SSL_CTX_free( lo->ldo_tls_ctx );
 		lo->ldo_tls_ctx = arg;
+		CRYPTO_add( &((SSL_CTX *)arg)->references, 1, CRYPTO_LOCK_SSL_CTX );
 		return 0;
 	case LDAP_OPT_X_TLS_CONNECT_CB:
 		lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg;
diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 5642c1b86c..a62e633e38 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -959,11 +959,8 @@ stop:
 	lutil_passwd_destroy();
 
 #ifdef HAVE_TLS
-	/* Setting it to itself decreases refcount, allowing it to be freed
-	 * when the LD is freed.
-	 */
 	if ( slap_tls_ld ) {
-		ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, slap_tls_ctx );
+		SSL_CTX_free( slap_tls_ctx );
 		ldap_unbind( slap_tls_ld );
 	}
 	ldap_pvt_tls_destroy();