From e0f5ec433df9664a8e3bdf540fdf993a45c75875 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Wilfried=20G=C3=B6esgens?=
Date: Fri, 12 Sep 2008 10:10:44 +0000
Subject: [PATCH] * shutdown webcit if we panic out while creating certificates * free the openssl errors * add commented out version with reason for remaining free memory so we remember it.
---
 webcit/crypto.c | 18 ++++++++++++++++++
 webcit/webserver.c | 5 +++++
 webcit/webserver.h | 2 ++
 3 files changed, 25 insertions(+)

diff --git a/webcit/crypto.c b/webcit/crypto.c
index 972fbaa3a..6d78acfa8 100644
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -34,6 +34,19 @@ static unsigned long id_callback(void)
 return (unsigned long) pthread_self();
 }
 
+void shutdown_ssl(void)
+{
+ ERR_free_strings();
+
+ /* Openssl requires these while shutdown.
+ * Didn't find a way to get out of this clean.
+ * int i, n = CRYPTO_num_locks();
+ * for (i = 0; i < n; i++)
+ * free(SSLCritters[i]);
+ * free(SSLCritters);
+ */
+}
+
 /**
 * \brief initialize ssl engine
 * load certs and initialize openssl internals
@@ -63,6 +76,7 @@ void init_ssl(void)
 if (!SSLCritters) {
 lprintf(1, "citserver: can't allocate memory!!\n");
 /* Nothing's been initialized, just die */
+ ShutDownWebcit();
 exit(WC_EXIT_SSL);
 } else {
 int a;
@@ -73,6 +87,7 @@ void init_ssl(void)
 lprintf(1, "citserver: can't allocate memory!!\n");
 /** Nothing's been initialized, just die */
+ ShutDownWebcit();
 exit(WC_EXIT_SSL);
 }
 pthread_mutex_init(SSLCritters[a], NULL);
@@ -150,6 +165,7 @@ void init_ssl(void)
 } else {
 lprintf(3, "Cannot write key: %s\n", CTDL_KEY_PATH);
+ ShutDownWebcit();
 exit(0);
 }
 RSA_free(rsa);
@@ -235,6 +251,7 @@ void init_ssl(void)
 } else {
 lprintf(3, "Cannot write key: %s\n", CTDL_CSR_PATH);
+ ShutDownWebcit();
 exit(0);
 }
 }
@@ -310,6 +327,7 @@ void init_ssl(void)
 } else {
 lprintf(3, "Cannot write key: %s\n", CTDL_CER_PATH);
+ ShutDownWebcit();
 exit(0);
 }
 }
diff --git a/webcit/webserver.c b/webcit/webserver.c
index 55f6f150f..8f04c224f 100644
--- a/webcit/webserver.c
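Review bot: shutdown_ssl() has no doc comment, unlike init_ssl() directly below it, and its only explanation is the commented-out loop. ERR_free_strings() is the sole cleanup done; the SSLCritters mutex array is deliberately left allocated, which the comment attributes to OpenSSL still needing the locks during shutdown. I would replace the dead code with a header such as `/** \brief free the OpenSSL error strings; SSLCritters stays allocated on purpose because OpenSSL still uses the locks while shutting down */`. If the locks are ever to be freed, the locking callback would presumably have to be unregistered first (for example `CRYPTO_set_locking_callback(NULL);`), which nothing in this hunk does.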
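Review bot: The comment `Nothing's been initialized, just die` no longer matches the code in the two allocation-failure branches of init_ssl() (the hunks at -63,6 and -73,6), because ShutDownWebcit() now runs a full teardown at a point the comment describes as uninitialized. According to the webserver.c hunk, ShutDownWebcit() calls shutdown_ssl() whenever is_https is set, so ERR_free_strings() can run before init_ssl() has finished, and in the second branch the mutex array is only partly allocated. Whether the remaining teardown steps tolerate that state is not visible here and should be confirmed. I would change the comment to something like `/* SSL is not set up yet; ShutDownWebcit() must tolerate partial initialization */`. init_ssl() starts and ends outside these hunks.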
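Review bot: The three write-failure branches (the hunks at -150,6, -235,6 and -310,6) still end in `exit(0)`, so a supervisor or init script sees a clean exit even though the key, CSR or certificate could not be written and HTTPS never came up. The allocation-failure branches earlier in init_ssl() already use `exit(WC_EXIT_SSL);`, and the same status fits here. The CSR and certificate branches also log `Cannot write key:` for CTDL_CSR_PATH and CTDL_CER_PATH, which will mislead anyone reading the log; naming the actual artifact in each message would help. init_ssl() continues outside these hunks.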
+++ b/webcit/webserver.c
@@ -907,6 +907,11 @@ void ShutDownWebcit(void)
 #ifdef ENABLE_NLS
 ShutdownLocale();
 #endif
+#ifdef HAVE_OPENSSL
+ if (is_https) {
+ shutdown_ssl();
+ }
+#endif
 }
 
 /*
diff --git a/webcit/webserver.h b/webcit/webserver.h
index 37b899cf6..bf3ba3ad7 100644
--- a/webcit/webserver.h
+++ b/webcit/webserver.h
@@ -10,3 +10,5 @@ int client_read(int *sock, char *buf, int bytes);
 int client_read_to(int *sock, char *buf, int bytes, int timeout);
 int lprintf(int loglevel, const char *format, ...);
 void wc_backtrace(void);
+void ShutDownWebcit(void);
+void shutdown_ssl(void);
-- 
2.30.2