Hi All,
After changing the TLS protocol to TLSv1.3, we are observing some memory leaks that indicate that the memory allocated for a new session in new_session_cb() is not freed properly. However, I have cleaned up the memory as part of remove_session_cb(), but the memory leaks are still visible.
Architecture:
1. One multithreaded process that makes multiple TLS client connections.
2. One SSL_CTX for this process that also internally manages the session cache.
3. One external cache to use the TLS session from the internal cache.
4. For each thread/connection, an SSL and an SSL_SESSION are created and kept in the internal and external cache.
Ideally, whenever a client is disconnected, the corresponding SSL_SESSION needs to be removed from the internal cache using SSL_CTX_remove_session() and then SSL_free() should be called to free the SSL and corresponding SSL_SESSION. But for some of the test cases I observed a crash because of a double free when SSL_CTX_free() is called during process shutdown.
What should be the proper sequence of cleaning up the SSL_SESSION, SSL, SSL_CTX and removing session from the internal cache?
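
Added example (not part of the original post, and not OpenSSL code): a simplified C model of the reference counts behind the cleanup sequence asked about above. It assumes the documented rules that the reference passed to new_session_cb() belongs to the application when the callback returns 1, and that a TLSv1.3 client can receive more than one session ticket per connection; all names (sess_t, on_ticket, run, ...) are hypothetical.

```c
/* Simplified model of SSL_SESSION reference ownership; NOT OpenSSL code. */
#include <stdlib.h>

typedef struct { int refs; } sess_t;
static int live;                          /* sessions allocated and not yet freed */
static sess_t *icache[8];                 /* internal cache: holds one ref per entry */
static int n_icache;
static sess_t *slot;                      /* app's external cache: one slot per connection */
static int release_old;                   /* 1 = app drops the ref of a replaced session */

static sess_t *sess_new(void) {
    sess_t *s = calloc(1, sizeof *s);
    if (!s) abort();
    s->refs = 1; live++;
    return s;
}
static void sess_free(sess_t *s) { if (s && --s->refs == 0) { free(s); live--; } }

/* Application callbacks, modelled on new_session_cb / remove_session_cb. */
static int new_cb(sess_t *s) {
    if (release_old) sess_free(slot);     /* give back the ref of the ticket being replaced */
    slot = s;                             /* keep the ref the library handed over */
    return 1;
}
static void remove_cb(sess_t *s) {
    if (slot == s) { slot = NULL; sess_free(s); }   /* free only a ref the app owns */
}

/* Library side: a session ticket arrives on the connection. */
static void on_ticket(sess_t **current) {
    sess_t *s = sess_new();               /* ref 1: the connection object */
    sess_free(*current); *current = s;    /* connection drops its previous session */
    s->refs++; icache[n_icache++] = s;    /* ref 2: internal cache */
    s->refs++; if (!new_cb(s)) sess_free(s);        /* ref 3: handed to the app */
}
static void cache_remove(int i) {         /* models SSL_CTX_remove_session() and cache flush */
    sess_t *s = icache[i]; icache[i] = NULL;
    if (s) { remove_cb(s); sess_free(s); }
}

/* One connection receives `tickets` tickets, then tears down. Returns leaked sessions. */
int run(int tickets, int fix) {
    sess_t *current = NULL;
    live = 0; n_icache = 0; slot = NULL; release_old = fix;
    for (int i = 0; i < tickets; i++) on_ticket(&current);
    cache_remove(n_icache - 1);           /* disconnect: remove current session from cache */
    sess_free(current);                   /* SSL_free(): the connection's own ref */
    for (int i = 0; i < n_icache; i++) cache_remove(i);  /* SSL_CTX_free(): flush the cache */
    return live;
}
```

In this model each owner (connection, internal cache, external cache) releases exactly the one reference it holds; a reference left in an overwritten external slot is never released, and releasing one the application does not hold is what would produce a double free.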