Revert "Tweak conditions on calling proxy_tls_close()"

ndptech · ndptech · commit b8ff0d8a0796 · 2026-04-29T17:25:03.000+01:00
This reverts commit 7524d5b. Caused some crashes when closing outbound TLS connections.
diff --git a/src/main/process.c b/src/main/process.c
@@ -6297,15 +6297,16 @@ static void event_new_fd(void *ctx)
 		this->dead = true;
 
 	remove_now:
-		sock = this->data;
-
-#if defined(WITH_PROXY) && defined(WITH_TLS)
-		if ((this->type == RAD_LISTEN_PROXY) && sock->ssn) {
-			/*
-			 *	Close it.  Which sets the status to EOL, so we
-			 *	have to update that, too.
-			 */
-			sock->client_closed = true;	/* no need to call SSL_shutdown() */
+#ifdef WITH_TLS
+		/*
+		 *	Close it.  Which sets the status to EOL, so we
+		 *	have to update that, too.
+		 *
+		 *	proxy_tls_close also clears this->tls, so it's
+		 *	safe run this check multiple times, as the
+		 *	second time it won't close the same socket.
+		 */
+		if ((this->type == RAD_LISTEN_PROXY) && this->tls) {
 			proxy_tls_close(this);
 			this->status = RAD_LISTEN_STATUS_REMOVE_NOW;
 		}
@@ -6355,6 +6356,7 @@ static void event_new_fd(void *ctx)
 #endif
 			) {
 			home_server_t *home;
+			sock = this->data;
 
 			home = sock->home;
 			if (!home || !home->limit.max_connections) {
diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
@@ -92,7 +92,6 @@ void tls_socket_close(rad_listen_t *listener)
 	ROPTIONAL(RDEBUG3, DEBUG3, "(TLS) Closing connection");
 	rad_free(&sock->packet);
 	TALLOC_FREE(sock->request);
-	TALLOC_FREE(sock->ssn);
 	radius_update_listener(listener);
 
 	/*
