Skip to content

Commit

Permalink
fix: properly free ssl session and ssl context
Browse files Browse the repository at this point in the history
  • Loading branch information
@rept1d
rept1d committed Dec 20, 2023
1 parent c9bfdeb commit 11a1cfb
Showing 1 changed file with 19 additions and 12 deletions.
31 changes: 19 additions & 12 deletions src/dpp/sslclient.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,10 +99,20 @@ struct keepalive_cache_t {
dpp::socket sfd;
};

/**
* @brief Custom deleter for SSL_CTX
*/
class openssl_context_deleter {
public:
void operator()(SSL_CTX* context) const noexcept {
SSL_CTX_free(context);
}
};

/**
* @brief OpenSSL context
*/
thread_local SSL_CTX* openssl_context = nullptr;
thread_local std::unique_ptr<SSL_CTX, openssl_context_deleter> openssl_context;

/**
* @brief Keepalive sessions, per-thread
Expand Down Expand Up @@ -273,13 +283,7 @@ ssl_client::ssl_client(const std::string &_hostname, const std::string &_port, b
if (plaintext) {
ssl = nullptr;
} else {
try {
ssl = new openssl_connection();
}
catch (std::bad_alloc&) {
delete ssl;
throw;
}
ssl = new openssl_connection();
}
}
try {
Expand Down Expand Up @@ -321,21 +325,21 @@ void ssl_client::connect()
const SSL_METHOD *method = TLS_client_method(); /* Create new client-method instance */

/* Create SSL context */
openssl_context = SSL_CTX_new(method);
if (openssl_context == nullptr) {
openssl_context.reset(SSL_CTX_new(method));
if (!openssl_context) {
throw dpp::connection_exception(err_ssl_context, "Failed to create SSL client context!");
}

/* Do not allow SSL 3.0, TLS 1.0 or 1.1
* https://www.packetlabs.net/posts/tls-1-1-no-longer-secure/
*/
if (!SSL_CTX_set_min_proto_version(openssl_context, TLS1_2_VERSION)) {
if (!SSL_CTX_set_min_proto_version(openssl_context.get(), TLS1_2_VERSION)) {
throw dpp::connection_exception(err_ssl_version, "Failed to set minimum SSL version!");
}
}

/* Create SSL session */
ssl->ssl = SSL_new(openssl_context);
ssl->ssl = SSL_new(openssl_context.get());
if (ssl->ssl == nullptr) {
throw dpp::connection_exception(err_ssl_new, "SSL_new failed!");
}
Expand Down Expand Up @@ -646,6 +650,9 @@ void ssl_client::cleanup()
{
this->close();
if (!keepalive) {
if (ssl != nullptr) {
SSL_free(ssl->ssl);
}
delete ssl;
}
}
Expand Down

0 comments on commit 11a1cfb

Please sign in to comment.