BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
author Remi Tricot-Le Breton <rlebreton@haproxy.com>
Wed, 7 Feb 2024 15:38:42 +0000 (16:38 +0100)
committer Christopher Faulet <cfaulet@haproxy.com>
Wed, 14 Feb 2024 15:08:05 +0000 (16:08 +0100)
When deleting a crt-list line through a "del ssl crt-list" call on the
CLI, we ended up free'ing the corresponding ckch instances without fully
clearing their contents. It left some dangling references on other
objects because the attached SSL_CTX was not deleted, as well as all the
ex_data referenced by it (OCSP responses for instance).

This patch can be backported up to branch 2.4.

(cherry picked from commit 23cab33b67dd9dc76de936f47dfa23b1a8ee40e5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

src/ssl_crtlist.c

index 9ea5ea0..dcd9171 100644 (file)
@@ -1530,7 +1530,7 @@ static int cli_parse_del_crtlist(char **args, char *payload, struct appctx *appc
                        LIST_DELETE(&link_ref->list);
                        free(link_ref);
                }
-               free(inst);
+               ckch_inst_free(inst);
        }
 
        crtlist_free_filters(entry->filters);
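Review bot: The context just above the changed line still runs LIST_DELETE(&link_ref->list) and free(link_ref) by hand before the new ckch_inst_free(inst) call, so the instance is now torn down in two places. Check that ckch_inst_free() is safe on an instance whose link_ref list has already been emptied here, and if the helper does the same unlinking itself, drop the manual loop so that the helper is the single cleanup path. A short comment at the call stating that ckch_inst_free() also releases the attached SSL_CTX and its ex_data (the OCSP responses named in the commit message) would make it clear why a plain free(inst) is not enough.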