*/
/*@{*/
+#include "config.h"
#ifdef HAVE_OPENSSL
#include "webcit.h"
/**
* \brief starts SSL/TLS encryption for the current session.
* \param sock the socket connection
- * \return foo????
+ * \return Zero if the SSL/TLS handshake succeeded, non-zero otherwise.
*/
int starttls(int sock) {
int retval, bits, alg_bits;
*/
void endtls(void)
{
+ SSL_CTX *ctx = NULL;
+
if (THREADSSL == NULL) return;
lprintf(5, "Ending SSL/TLS\n");
SSL_shutdown(THREADSSL);
+ ctx = SSL_get_SSL_CTX(THREADSSL);
+
+ /** I don't think this is needed, and it crashes the server anyway
+ *
+ * if (ctx != NULL) {
+ * lprintf(9, "Freeing CTX at %x\n", (int)ctx );
+ * SSL_CTX_free(ctx);
+ * }
+ */
+
SSL_free(THREADSSL);
pthread_setspecific(ThreadSSL, NULL);
}
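Review bot: In endtls(), the added `ctx` local is assigned from `SSL_get_SSL_CTX(THREADSSL)` but is only used inside commented-out code, so it is dead and will draw a set-but-unused warning. The disabled block is also written as a `/** … */` comment, which Doxygen (used by the other comments in this file) would pick up as documentation. The crash the comment mentions is expected: `SSL_free()` already releases the session's reference on its context, so an explicit `SSL_CTX_free()` here drops one reference too many on what is presumably a context shared with other sessions, leaving them holding a freed pointer. I would delete the two `ctx` lines and the disabled block, and keep one plain comment such as `/* No SSL_CTX_free() here: SSL_free() releases this session's reference to the context. */`. If the diagnostic is ever revived, print the pointer with `%p` rather than `(int)ctx` with `%x`, which truncates on 64-bit builds.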