In ssl_sock_do_create_cert(), don't forget to free ctmp and tmp_ssl once
we're done creating the certificate, otherwise we will get a memory leak
each time we have to create a new certificate, which will happen each
time a new SNI is used.
This should be backported as far as 2.6 (though on older releases,
ssl_gencert.c doesn't exist, and that function is found in ssl_sock.c).
This patch was submitted by Red Hat and AISLE Research
#endif /* defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH) */
#endif /* HA_OPENSSL_VERSION_NUMBER >= 0x10101000L */
end:
+ if (ctmp) NCONF_free(ctmp);
+ if (tmp_ssl) SSL_free(tmp_ssl);
return ssl_ctx;
mkcert_error: