From c0246ffe7befcf5504170e48b717fff9199aa4e9 Mon Sep 17 00:00:00 2001
From: Kevin Cernekee
Date: Tue, 18 Mar 2014 20:44:07 -0700
Subject: [PATCH] dtls: Free OpenSSL contexts when the library instance is freed
Per valgrind these leaked about 1kB.
Signed-off-by: Kevin Cernekee
---
 dtls.c | 16 ++++++++++++++++
 library.c | 2 +-
 openconnect-internal.h | 1 +
 3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/dtls.c b/dtls.c
index 175250ac..48d7b5b0 100644
--- a/dtls.c
+++ b/dtls.c
@@ -305,6 +305,13 @@ int dtls_try_handshake(struct openconnect_info *vpninfo)
 return -EINVAL;
 }
+void dtls_shutdown(struct openconnect_info *vpninfo)
+{
+ dtls_close(vpninfo);
+ SSL_CTX_free(vpninfo->dtls_ctx);
+ SSL_SESSION_free(vpninfo->dtls_session);
+}
+
 #elif defined(DTLS_GNUTLS)
 #include
@@ -444,6 +451,11 @@ int dtls_try_handshake(struct openconnect_info *vpninfo)
 time(&vpninfo->new_dtls_started);
 return -EINVAL;
 }
+
+void dtls_shutdown(struct openconnect_info *vpninfo)
+{
+ dtls_close(vpninfo);
+}
 #endif
 int connect_dtls_socket(struct openconnect_info *vpninfo)
@@ -889,4 +901,8 @@ int dtls_reconnect(struct openconnect_info *vpninfo)
 void dtls_close(struct openconnect_info *vpninfo)
 {
 }
+
+void dtls_shutdown(struct openconnect_info *vpninfo)
+{
+}
 #endif
diff --git a/library.c b/library.c
index 77748276..79ffc648 100644
--- a/library.c
+++ b/library.c
@@ -137,7 +137,7 @@ static void free_optlist(struct oc_vpn_option *opt)
 void openconnect_vpninfo_free(struct openconnect_info *vpninfo)
 {
 openconnect_close_https(vpninfo, 1);
- dtls_close(vpninfo);
+ dtls_shutdown(vpninfo);
 if (vpninfo->cmd_fd_write != -1) {
 close(vpninfo->cmd_fd);
 close(vpninfo->cmd_fd_write);
diff --git a/openconnect-internal.h b/openconnect-internal.h
index dec8414f..dbe1feeb 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
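Review bot: In the OpenSSL variant of dtls_shutdown() (first dtls.c hunk), `vpninfo->dtls_ctx` and `vpninfo->dtls_session` are left pointing at freed objects after the two free calls. The only caller visible in this patch is openconnect_vpninfo_free(), where that appears harmless, but a second call, or any later DTLS reconnect on the same vpninfo, would become a double free or use-after-free of TLS state. Both free functions accept NULL, so clearing the fields makes the function safe to call twice: add `vpninfo->dtls_ctx = NULL;` and `vpninfo->dtls_session = NULL;` after the frees.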
@@ -464,6 +464,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout);
 int dtls_try_handshake(struct openconnect_info *vpninfo);
 int connect_dtls_socket(struct openconnect_info *vpninfo);
 void dtls_close(struct openconnect_info *vpninfo);
+void dtls_shutdown(struct openconnect_info *vpninfo);
 int dtls_reconnect(struct openconnect_info *vpninfo);
 /* cstp.c */
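Review bot: The new `dtls_shutdown()` prototype sits beside `dtls_close()` with nothing to tell a caller which of the two to use. Going by the dtls.c hunks, dtls_shutdown() closes the connection and, in the OpenSSL build, also frees the SSL_CTX and SSL_SESSION, so it is a final teardown and not something to call ahead of dtls_reconnect(). A one-line comment above the prototype would record that contract: `/* Final teardown: closes DTLS and frees the per-instance TLS contexts; call only when vpninfo is being freed */`.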