Tweak conditions on calling proxy_tls_close()

alandekok · alandekok · commit 7524d5b8de9a · 2026-04-28T16:08:50.000-04:00
diff --git a/src/main/process.c b/src/main/process.c
@@ -6297,16 +6297,15 @@ static void event_new_fd(void *ctx)
 		this->dead = true;
 
 	remove_now:
-#ifdef WITH_TLS
-		/*
-		 *	Close it.  Which sets the status to EOL, so we
-		 *	have to update that, too.
-		 *
-		 *	proxy_tls_close also clears this->tls, so it's
-		 *	safe run this check multiple times, as the
-		 *	second time it won't close the same socket.
-		 */
-		if ((this->type == RAD_LISTEN_PROXY) && this->tls) {
+		sock = this->data;
+
+#if defined(WITH_PROXY) && defined(WITH_TLS)
+		if ((this->type == RAD_LISTEN_PROXY) && sock->ssn) {
+			/*
+			 *	Close it.  Which sets the status to EOL, so we
+			 *	have to update that, too.
+			 */
+			sock->client_closed = true;	/* no need to call SSL_shutdown() */
 			proxy_tls_close(this);
 			this->status = RAD_LISTEN_STATUS_REMOVE_NOW;
 		}
@@ -6356,7 +6355,6 @@ static void event_new_fd(void *ctx)
 #endif
 			) {
 			home_server_t *home;
-			sock = this->data;
 
 			home = sock->home;
 			if (!home || !home->limit.max_connections) {
diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
@@ -92,6 +92,7 @@ void tls_socket_close(rad_listen_t *listener)
 	ROPTIONAL(RDEBUG3, DEBUG3, "(TLS) Closing connection");
 	rad_free(&sock->packet);
 	TALLOC_FREE(sock->request);
+	TALLOC_FREE(sock->ssn);
 	radius_update_listener(listener);
 
 	/*
