Beispiel #1
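/*
   Release the GnuTLS credentials and the library's global state.
   Will be automatically executed by
   mysql_server_end() function

   SYNOPSIS
     ma_ssl_end()
       void

   NOTES
     The teardown runs only while ma_ssl_initialized is set, under
     LOCK_gnutls_config. The mutex itself is destroyed unconditionally at
     the end, so this function must not be called a second time and no other
     thread may still be using LOCK_gnutls_config when it runs.

   RETURN VALUES
     void
*/
void ma_ssl_end()
{
  pthread_mutex_lock(&LOCK_gnutls_config);
  if (ma_ssl_initialized)
  {
    /* Drop key material and trust lists first.
       gnutls_certificate_free_credentials() also releases key and CA
       lists itself; the explicit calls are kept as in the original. */
    gnutls_certificate_free_keys(GNUTLS_xcred);
    gnutls_certificate_free_cas(GNUTLS_xcred);
    gnutls_certificate_free_crls(GNUTLS_xcred);
    gnutls_certificate_free_ca_names(GNUTLS_xcred);
    gnutls_certificate_free_credentials(GNUTLS_xcred);
    /* The structure is freed: clear the global so any later use sees NULL
       rather than a dangling pointer (guards against use-after-free and a
       second free). */
    GNUTLS_xcred= NULL;
    gnutls_global_deinit();
    ma_ssl_initialized= FALSE;
  }
  pthread_mutex_unlock(&LOCK_gnutls_config);
  /* NOTE(review): locking or unlocking a destroyed mutex is undefined
     behaviour; callers must guarantee this is the last use of
     LOCK_gnutls_config unless it is re-initialised elsewhere. */
  pthread_mutex_destroy(&LOCK_gnutls_config);
}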
Beispiel #2
/**
  * gnutls_certificate_free_credentials - Used to free an allocated gnutls_certificate_credentials_t structure
  * @sc: is an #gnutls_certificate_credentials_t structure.
  *
  * This structure is too complex to be torn down by hand, so this
  * helper function is provided in order to free (deallocate) it.
  *
  * It releases the keys, the CA list and the CA names held by @sc (and
  * the CRLs when built with ENABLE_PKI), then the OpenPGP keyring, and
  * finally the structure itself. @sc is not checked for NULL and must
  * not be used again after this call, because its memory has been freed.
  *
  * This function does not free any temporary parameters associated
  * with this structure (ie RSA and DH parameters are not freed by
  * this function).
  **/
void
gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc)
{
  /* Release the contents before the container: each call below frees one
   * of the lists stored inside sc. */
  gnutls_certificate_free_keys (sc);
  gnutls_certificate_free_cas (sc);
  gnutls_certificate_free_ca_names (sc);
#ifdef ENABLE_PKI
  /* CRLs are released only in builds that define ENABLE_PKI. */
  gnutls_certificate_free_crls (sc);
#endif

#ifndef KEYRING_HACK
  /* _E_gnutls_openpgp_keyring_deinit is tested before it is called, so the
   * keyring is released only when that hook is set. Presumably it is
   * installed by the OpenPGP support code; confirm against its definition. */
  if (_E_gnutls_openpgp_keyring_deinit)
    _E_gnutls_openpgp_keyring_deinit( sc->keyring);
#else
  /* With KEYRING_HACK the keyring is handled as a plain datum. */
  _gnutls_free_datum( &sc->keyring);
#endif

  /* Last step: free the structure itself. The caller's copy of sc is
   * dangling from here on. */
  gnutls_free (sc);
}
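/*
 * Tears down the certificate-auth plugin: removes the transient super user
 * account, detaches the plugin's callbacks from pending requests, drops the
 * trusted CA list from the server credentials, clears the directory's
 * signing certificate and releases the CA certificates, the CA key and the
 * configuration strings owned by the plugin.
 *
 * plugin_info: the InfinotedPluginCertificateAuth instance to tear down.
 *
 * Released pointers are reset to NULL so that an accidental later access
 * finds an empty field instead of freed memory.
 */
static void
infinoted_plugin_certificate_auth_deinitialize(gpointer plugin_info)
{
  InfinotedPluginCertificateAuth* plugin;
  InfRequest* remove_acl_account_request;
  InfCertificateCredentials* creds;
  guint i;

  plugin = (InfinotedPluginCertificateAuth*)plugin_info;

  /* Remove super user account. Note that this is not strictly necessary,
   * since the account is transient and therefore is not written to disk,
   * so will not be re-created at the next server start. However, to be sure,
   * we explicitly remove the account at this point. */
  if(plugin->super_id != 0)
  {
    remove_acl_account_request = inf_browser_remove_acl_account(
      INF_BROWSER(infinoted_plugin_manager_get_directory(plugin->manager)),
      plugin->super_id,
      infinoted_plugin_certificate_auth_remove_acl_account_cb,
      plugin
    );

    /* This should be instantaneous: if we are not called back within the call
     * to inf_browser_remove_acl_account(), then we don't care about the
     * result, since we are being deinitialized.
     *
     * The callback must be detached from the request returned above. The
     * original code passed plugin->set_acl_request here, which is a different
     * object and may be NULL; that would leave the callback attached to the
     * pending request with `plugin` as user data, so it could still fire
     * after the plugin has been torn down. */
    if(remove_acl_account_request != NULL)
    {
      inf_signal_handlers_disconnect_by_func(
        remove_acl_account_request,
        G_CALLBACK(infinoted_plugin_certificate_auth_remove_acl_account_cb),
        plugin
      );
    }
  }

  if(plugin->set_acl_request != NULL)
  {
    inf_signal_handlers_disconnect_by_func(
      plugin->set_acl_request,
      G_CALLBACK(infinoted_plugin_certificate_auth_set_acl_cb),
      plugin
    );

    g_object_unref(plugin->set_acl_request);
    plugin->set_acl_request = NULL;
  }

  /* Drop the trusted CAs from the shared server credentials, so they no
   * longer reference the certificates released below. */
  creds = infinoted_plugin_manager_get_credentials(plugin->manager);
  if(creds != NULL)
    gnutls_certificate_free_cas(inf_certificate_credentials_get(creds));

  infd_directory_set_certificate(
    infinoted_plugin_manager_get_directory(plugin->manager),
    NULL,
    NULL
  );

  /* If we have a ca_key set, the certificate that belongs to the key had
   * its ownership transferred to the directory, so make sure not to free
   * it twice here. */
  for(i = 0; i < plugin->n_cas; ++i)
    if(plugin->ca_key == NULL || i != plugin->ca_key_index)
      gnutls_x509_crt_deinit(plugin->cas[i]);
  g_free(plugin->cas);
  plugin->cas = NULL;
  plugin->n_cas = 0;

  if(plugin->ca_key != NULL)
  {
    gnutls_x509_privkey_deinit(plugin->ca_key);
    plugin->ca_key = NULL;
  }

  g_free(plugin->ca_list_file);
  plugin->ca_list_file = NULL;
  g_free(plugin->ca_key_file);
  plugin->ca_key_file = NULL;
  g_free(plugin->super_user);
  plugin->super_user = NULL;
}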
// Drops the trusted CA certificates held by the wrapped credentials object
// by forwarding to gnutls_certificate_free_cas(). The credentials structure
// itself stays allocated.
void certificate_credentials::free_cas ()
{
    gnutls_certificate_free_cas (this->cred);
}