diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c index 01902bacb..67e0a790f 100644 --- a/lib/tls/openssl/openssl-client.c +++ b/lib/tls/openssl/openssl-client.c @@ -695,6 +695,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, tcr->refcount++; vh->tls.ssl_client_ctx = tcr->ssl_client_ctx; + vh->tls.tcr = tcr; lwsl_info("%s: vh %s: reusing client ctx %d: use %d\n", __func__, vh->name, tcr->index, @@ -742,9 +743,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, /* bind the tcr to the client context */ - SSL_CTX_set_ex_data(vh->tls.ssl_client_ctx, - openssl_SSL_CTX_private_data_index, - (char *)tcr); + vh->tls.tcr = tcr; #ifdef SSL_OP_NO_COMPRESSION SSL_CTX_set_options(vh->tls.ssl_client_ctx, SSL_OP_NO_COMPRESSION); diff --git a/lib/tls/openssl/openssl-ssl.c b/lib/tls/openssl/openssl-ssl.c index 7392bb8b6..68c4c6bcd 100644 --- a/lib/tls/openssl/openssl-ssl.c +++ b/lib/tls/openssl/openssl-ssl.c @@ -141,15 +141,10 @@ lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, int is_client, static void lws_ssl_destroy_client_ctx(struct lws_vhost *vhost) { - struct lws_tls_client_reuse *tcr; - if (vhost->tls.user_supplied_ssl_ctx || !vhost->tls.ssl_client_ctx) return; - tcr = SSL_CTX_get_ex_data(vhost->tls.ssl_client_ctx, - openssl_SSL_CTX_private_data_index); - - if (!tcr || --tcr->refcount) + if (vhost->tls.tcr && --vhost->tls.tcr->refcount) return; SSL_CTX_free(vhost->tls.ssl_client_ctx); @@ -157,8 +152,11 @@ lws_ssl_destroy_client_ctx(struct lws_vhost *vhost) vhost->context->tls.count_client_contexts--; - lws_dll2_remove(&tcr->cc_list); - lws_free(tcr); + if (vhost->tls.tcr) { + lws_dll2_remove(&vhost->tls.tcr->cc_list); + lws_free(vhost->tls.tcr); + vhost->tls.tcr = NULL; + } } #endif void diff --git a/lib/tls/private-network.h b/lib/tls/private-network.h index c8b15fd1e..8c6cdf36f 100644 --- a/lib/tls/private-network.h +++ b/lib/tls/private-network.h 
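Review bot: In lws_tls_client_create_vhost_context (openssl-client.c, hunk at -742), the retained comment `/* bind the tcr to the client context */` no longer matches the code, because the tcr is now stored on the vhost and nothing is attached to the SSL_CTX. Suggest `/* remember the tcr on the vhost; the SSL_CTX ex_data slot no longer carries it */`. Any remaining reader of `openssl_SSL_CTX_private_data_index` on a client context would now find no tcr there; none is visible in this diff, so that should be confirmed against the rest of the tree. The function body starts and ends outside the hunk.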
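Review bot: In lws_ssl_destroy_client_ctx (openssl-ssl.c, hunk at -141), the early return taken while other vhosts still hold the tcr leaves `vhost->tls.tcr` and `vhost->tls.ssl_client_ctx` pointing at the shared objects. Those pointers dangle once the last holder frees them, and a second destroy call on the same vhost would decrement the shared refcount again and could release the context while it is still in use. Adding `vhost->tls.tcr = NULL;` and `vhost->tls.ssl_client_ctx = NULL;` before that `return` would make the release idempotent, assuming nothing reads the vhost's client ctx afterwards, which the hunk does not show. Separately, a NULL tcr used to return without freeing and now falls through to `SSL_CTX_free`; that looks intended, but it relies on every non-user-supplied client ctx without a tcr having exactly one owner.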
@@ -51,6 +51,7 @@ struct alpn_ctx {
 struct lws_vhost_tls {
 lws_tls_ctx *ssl_ctx;
 lws_tls_ctx *ssl_client_ctx;
+ struct lws_tls_client_reuse *tcr;
 const char *alpn;
 struct lws_tls_ss_pieces *ss; /* for acme tls certs */
 char *alloc_cert_path;
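Review bot: The new `tcr` member in struct lws_vhost_tls carries ownership rules that the declaration does not state. Elsewhere in this commit it is refcounted, shared by vhosts that reuse one client SSL_CTX, and freed by the last holder in lws_ssl_destroy_client_ctx. A trailing comment in the style of the `ss` member would record that, e.g. `/* shared, refcounted client ctx reuse record; NULL if none */`.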