From a7870943f78ec3792d9b597ef814f26c4ed37b49 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Sun, 2 Jul 2006 22:38:01 +0000
Subject: [PATCH] Fix TLS CTX ref counting

---
 libraries/libldap/tls.c | 1 +
 servers/slapd/main.c    | 5 +----
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 3d8333f64a..fc2e31d55a 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -1366,6 +1366,7 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
 		if ( lo->ldo_tls_ctx )
 			SSL_CTX_free( lo->ldo_tls_ctx );
 		lo->ldo_tls_ctx = arg;
+		CRYPTO_add( &((SSL_CTX *)arg)->references, 1, CRYPTO_LOCK_SSL_CTX );
 		return 0;
 	case LDAP_OPT_X_TLS_CONNECT_CB:
 		lo->ldo_tls_connect_cb = (LDAP_TLS_CONNECT_CB *)arg;
diff --git a/servers/slapd/main.c b/servers/slapd/main.c
index 5642c1b86c..a62e633e38 100644
--- a/servers/slapd/main.c
+++ b/servers/slapd/main.c
@@ -959,11 +959,8 @@ stop:
 	lutil_passwd_destroy();
 
 #ifdef HAVE_TLS
-	/* Setting it to itself decreases refcount, allowing it to be freed
-	 * when the LD is freed.
-	 */
 	if ( slap_tls_ld ) {
-		ldap_pvt_tls_set_option( slap_tls_ld, LDAP_OPT_X_TLS_CTX, slap_tls_ctx );
+		SSL_CTX_free( slap_tls_ctx );
 		ldap_unbind( slap_tls_ld );
 	}
 	ldap_pvt_tls_destroy();
-- 
2.39.2