Call endtls() when an HTTP session ends normally -- not

[citadel.git] / webcit / crypto.c

diff --git a/webcit/crypto.c b/webcit/crypto.c
index 50de23b9a6cf9abbe5bc282d8cf09ac5a81a6336..cb6e22a20d9336599090c766a07a013095518a44 100644 (file)
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -7,6 +7,7 @@
  */
 
 /*@{*/
+#include "config.h"
 #ifdef HAVE_OPENSSL
 
 #include "webcit.h"
@@ -316,7 +317,7 @@ void init_ssl(void)
 /**
  * \brief starts SSL/TLS encryption for the current session.
  * \param sock the socket connection
- * \return foo????
+ * \return Zero if the SSL/TLS handshake succeeded, non-zero otherwise.
  */
 int starttls(int sock) {
        int retval, bits, alg_bits;
@@ -377,10 +378,22 @@ int starttls(int sock) {
  */
 void endtls(void)
 {
+       SSL_CTX *ctx = NULL;
+
        if (THREADSSL == NULL) return;
 
        lprintf(5, "Ending SSL/TLS\n");
        SSL_shutdown(THREADSSL);
+       ctx = SSL_get_SSL_CTX(THREADSSL);
+
+       /** I don't think this is needed, and it crashes the server anyway
+        *
+        *      if (ctx != NULL) {
+        *              lprintf(9, "Freeing CTX at %x\n", (int)ctx );
+        *              SSL_CTX_free(ctx);
+        *      }
+        */
+
        SSL_free(THREADSSL);
        pthread_setspecific(ThreadSSL, NULL);
 }