openssl: client ctx: track tcrs in vh object

lib/tls/openssl/openssl-client.c

@@ -695,6 +695,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
 
 			tcr->refcount++;
 			vh->tls.ssl_client_ctx = tcr->ssl_client_ctx;
+			vh->tls.tcr = tcr;
 
 			lwsl_info("%s: vh %s: reusing client ctx %d: use %d\n",
 				   __func__, vh->name, tcr->index,
@@ -742,9 +743,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
 
 	/* bind the tcr to the client context */
 
-	SSL_CTX_set_ex_data(vh->tls.ssl_client_ctx,
-			    openssl_SSL_CTX_private_data_index,
-			    (char *)tcr);
+	vh->tls.tcr = tcr;
 
 #ifdef SSL_OP_NO_COMPRESSION
 	SSL_CTX_set_options(vh->tls.ssl_client_ctx, SSL_OP_NO_COMPRESSION);

lib/tls/openssl/openssl-ssl.c

@@ -141,15 +141,10 @@ lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, int is_client,
 static void
 lws_ssl_destroy_client_ctx(struct lws_vhost *vhost)
 {
-	struct lws_tls_client_reuse *tcr;
-
 	if (vhost->tls.user_supplied_ssl_ctx || !vhost->tls.ssl_client_ctx)
 		return;
 
-	tcr = SSL_CTX_get_ex_data(vhost->tls.ssl_client_ctx,
-				  openssl_SSL_CTX_private_data_index);
-
-	if (!tcr || --tcr->refcount)
+	if (vhost->tls.tcr && --vhost->tls.tcr->refcount)
 		return;
 
 	SSL_CTX_free(vhost->tls.ssl_client_ctx);
@@ -157,8 +152,11 @@ lws_ssl_destroy_client_ctx(struct lws_vhost *vhost)
 
 	vhost->context->tls.count_client_contexts--;
 
-	lws_dll2_remove(&tcr->cc_list);
-	lws_free(tcr);
+	if (vhost->tls.tcr) {
+		lws_dll2_remove(&vhost->tls.tcr->cc_list);
+		lws_free(vhost->tls.tcr);
+		vhost->tls.tcr = NULL;
+	}
 }
 #endif
 void

lib/tls/private-network.h

@@ -51,6 +51,7 @@ struct alpn_ctx {
 struct lws_vhost_tls {
 	lws_tls_ctx *ssl_ctx;
 	lws_tls_ctx *ssl_client_ctx;
+	struct lws_tls_client_reuse *tcr;
 	const char *alpn;
 	struct lws_tls_ss_pieces *ss; /* for acme tls certs */
 	char *alloc_cert_path;