Proper global init/deinit of GnuTLS
These are reference counted so it is important to retain symmetry
between the calls. Failure to do so will result in bad memory access
and crashes.
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index 0f52d34..b946022 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -48,23 +48,15 @@
static LogWriter vlog("TLS");
-void SSecurityTLS::initGlobal()
-{
- static bool globalInitDone = false;
-
- if (!globalInitDone) {
- if (gnutls_global_init() != GNUTLS_E_SUCCESS)
- throw AuthFailureException("gnutls_global_init failed");
- globalInitDone = true;
- }
-}
-
SSecurityTLS::SSecurityTLS(bool _anon) : session(0), dh_params(0),
anon_cred(0), cert_cred(0),
anon(_anon), fis(0), fos(0)
{
certfile = X509_CertFile.getData();
keyfile = X509_KeyFile.getData();
+
+ if (gnutls_global_init() != GNUTLS_E_SUCCESS)
+ throw AuthFailureException("gnutls_global_init failed");
}
void SSecurityTLS::shutdown()
@@ -94,8 +86,6 @@
if (session) {
gnutls_deinit(session);
session = 0;
-
- gnutls_global_deinit();
}
}
@@ -111,6 +101,8 @@
delete[] keyfile;
delete[] certfile;
+
+ gnutls_global_deinit();
}
bool SSecurityTLS::processMsg(SConnection *sc)
@@ -121,8 +113,6 @@
vlog.debug("Process security message (session %p)", session);
if (!session) {
- initGlobal();
-
if (gnutls_init(&session, GNUTLS_SERVER) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_init failed");