From b0c4827c2f0332910cb459cd9898da5c392f8f36 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 26 Apr 2022 15:44:53 +0200
Subject: [PATCH] BUG/MINOR: ssl: free the cafile entries on deinit

The cafile_tree was never free upon deinit, making valgrind and ASAN
complains when haproxy quits.

This could be backported as far as 2.2 but it requires the
ssl_store_delete_cafile_entry() helper from
5daff3c8abc658760a0d0c5fbbc633bfff1afe44.
---
 src/ssl_ckch.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 94d11e8ea..589e69117 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -3769,7 +3769,9 @@ void ckch_deinit()
 {
 	struct eb_node *node, *next;
 	struct ckch_store *store;
+	struct ebmb_node *canode;
 
+	/* deinit the ckch stores */
 	node = eb_first(&ckchs_tree);
 	while (node) {
 		next = eb_next(node);
@@ -3777,6 +3779,16 @@ void ckch_deinit()
 		ckch_store_free(store);
 		node = next;
 	}
+
+	/* deinit the ca-file store */
+	canode = ebmb_first(&cafile_tree);
+	while (canode) {
+		struct cafile_entry *entry = NULL;
+
+		entry = ebmb_entry(canode, struct cafile_entry, node);
+		canode = ebmb_next(canode);
+		ssl_store_delete_cafile_entry(entry);
+	}
 }
 
 /* register cli keywords */