* shutdown webcit if we panic out while creating certificates

* free the openssl errors
* add commented out version with reason for remaining free memory so we remember it.

diff --git a/webcit/crypto.c b/webcit/crypto.c
index 972fbaa3a183e0d5bbb28790590e8326fb02751d..6d78acfa8c3ab9aadba61f6d1f8d0d45c7ffac9a 100644 (file)
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -34,6 +34,19 @@ static unsigned long id_callback(void)
        return (unsigned long) pthread_self();
 }
 
+void shutdown_ssl(void)
+{
+       ERR_free_strings();
+
+       /* Openssl requires these while shutdown. 
+        * Didn't find a way to get out of this clean.
+        * int i, n = CRYPTO_num_locks();
+        * for (i = 0; i < n; i++)
+        *      free(SSLCritters[i]);
+        * free(SSLCritters);
+       */
+}
+
 /**
  * \brief initialize ssl engine
  * load certs and initialize openssl internals
@@ -63,6 +76,7 @@ void init_ssl(void)
        if (!SSLCritters) {
                lprintf(1, "citserver: can't allocate memory!!\n");
                /* Nothing's been initialized, just die */
+               ShutDownWebcit();
                exit(WC_EXIT_SSL);
        } else {
                int a;
@@ -73,6 +87,7 @@ void init_ssl(void)
                                lprintf(1,
                                        "citserver: can't allocate memory!!\n");
                                /** Nothing's been initialized, just die */
+                               ShutDownWebcit();
                                exit(WC_EXIT_SSL);
                        }
                        pthread_mutex_init(SSLCritters[a], NULL);
@@ -150,6 +165,7 @@ void init_ssl(void)
                        }
                        else {
                                lprintf(3, "Cannot write key: %s\n", CTDL_KEY_PATH);
+                               ShutDownWebcit();
                                exit(0);
                        }
                        RSA_free(rsa);
@@ -235,6 +251,7 @@ void init_ssl(void)
                                                }
                                                else {
                                                        lprintf(3, "Cannot write key: %s\n", CTDL_CSR_PATH);
+                                                       ShutDownWebcit();
                                                        exit(0);
                                                }
                                        }
@@ -310,6 +327,7 @@ void init_ssl(void)
                                                }
                                                else {
                                                        lprintf(3, "Cannot write key: %s\n", CTDL_CER_PATH);
+                                                       ShutDownWebcit();
                                                        exit(0);
                                                }
                                        }

diff --git a/webcit/webserver.c b/webcit/webserver.c
index 55f6f150f778053a72afb8606894d58fb77857e6..8f04c224f67245f5596242d222203af7308a2141 100644 (file)
--- a/webcit/webserver.c
+++ b/webcit/webserver.c
@@ -907,6 +907,11 @@ void ShutDownWebcit(void)
 #ifdef ENABLE_NLS
        ShutdownLocale();
 #endif
+#ifdef HAVE_OPENSSL
+       if (is_https) {
+               shutdown_ssl();
+       }
+#endif
 }
 
 /*

diff --git a/webcit/webserver.h b/webcit/webserver.h
index 37b899cf6ea4c70cd423d409efb5b2301a4fe573..bf3ba3ad78a6b0fc57156dc847fd91fca539f8bf 100644 (file)
--- a/webcit/webserver.h
+++ b/webcit/webserver.h
@@ -10,3 +10,5 @@ int client_read(int *sock, char *buf, int bytes);
 int client_read_to(int *sock, char *buf, int bytes, int timeout);
 int lprintf(int loglevel, const char *format, ...);
 void wc_backtrace(void);
+void ShutDownWebcit(void);
+void shutdown_ssl(void);