-rw-r--r--src/common/tortls.c11
-rw-r--r--src/common/tortls.h1
-rw-r--r--src/or/main.c1
3 files changed, 13 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 86cdcec48f..42074cc41a 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -156,6 +156,17 @@ tor_tls_init(void) {
}
}
+void
+tor_tls_free_all(void)
+{
+ if (global_tls_context) {
+ SSL_CTX_free(global_tls_context->ctx);
+ SSL_CTX_free(global_tls_context->client_only_ctx);
+ tor_free(global_tls_context);
+ global_tls_context = NULL;
+ }
+}
+
/** We need to give OpenSSL a callback to verify certificates. This is
* it: We always accept peer certs and complete the handshake. We
* don't validate them until later.
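Review bot: `tor_tls_free_all()` is added without a doc comment, although the function that follows it in this file has a `/** ... */` block, and the new prototype in tortls.h is undocumented too. Something like `/** Release the global TLS context and both SSL_CTX objects it holds; a no-op if no context exists, so it is safe to call more than once. */` would state the contract the body already implements. Separately, `client_only_ctx` is passed to `SSL_CTX_free()` unconditionally. If that field can be left unset (its initialisation is not visible here), either confirm that every supported OpenSSL version treats a NULL argument as a no-op or guard the call with `if (global_tls_context->client_only_ctx)`. Code that reads `global_tls_context` after this runs will see NULL, so any late caller on the shutdown path should check for that rather than dereference it.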
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 33fe573a50..e7fc084ace 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -24,6 +24,7 @@ typedef struct tor_tls_st tor_tls;
#define TOR_TLS_WANTWRITE -1
#define TOR_TLS_DONE 0
+void tor_tls_free_all(void);
int tor_tls_context_new(crypto_pk_env_t *rsa, int isServer,
const char *nickname, unsigned int key_lifetime);
tor_tls *tor_tls_new(int sock, int is_server, int use_no_cert);
diff --git a/src/or/main.c b/src/or/main.c
index ef1e7bf12f..184bfa3308 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -1320,6 +1320,7 @@ void tor_free_all(void)
connection_free_all();
config_free_all();
router_free_all_keys();
+ tor_tls_free_all();
/* stuff in main.c */
smartlist_free(closeable_connection_lst);
}
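Review bot: The position of `tor_tls_free_all()` after `connection_free_all()` looks deliberate, but nothing records that the order matters. If connection teardown is what releases the per-connection TLS objects (not visible in this hunk), a short comment such as `/* must follow connection_free_all(): no tor_tls object should outlive the global context */` would stop a later reorder from tearing down the context while connections still hold TLS state. The body of tor_free_all starts outside the hunk, so earlier teardown steps could not be checked.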