wolfSSL
diff --git a/‎README.md‎
Lines changed: 2 additions & 1 deletion b/‎README.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎certs/test-cert.pem‎
Lines changed: 15 additions & 0 deletions b/‎certs/test-cert.pem‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎certs/test-key.pem‎
Lines changed: 8 additions & 0 deletions b/‎certs/test-key.pem‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎configure.ac‎
Lines changed: 2 additions & 2 deletions b/‎configure.ac‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/keymanager.c‎
Lines changed: 18 additions & 7 deletions b/‎src/keymanager.c‎
Lines changed: 18 additions & 7 deletions
diff --git a/‎src/mod_etsi.c‎
Lines changed: 29 additions & 3 deletions b/‎src/mod_etsi.c‎
Lines changed: 29 additions & 3 deletions
diff --git a/‎src/mod_http.c‎
Lines changed: 36 additions & 0 deletions b/‎src/mod_http.c‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎src/mod_tls.c‎
Lines changed: 0 additions & 1 deletion b/‎src/mod_tls.c‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎src/sock_mgr.c‎
Lines changed: 0 additions & 13 deletions b/‎src/sock_mgr.c‎
Lines changed: 0 additions & 13 deletions
diff --git a/‎src/svc_etsi.c‎
Lines changed: 7 additions & 9 deletions b/‎src/svc_etsi.c‎
Lines changed: 7 additions & 9 deletions
@@ -99,12 +99,13 @@ wolfKeyManager 0.3
 -f <str>    Log file name, default None
 -o <num>    Max open files, default  1024
 -s <num>    Seconds to timeout, default 60
+-r <num>    Key renewal timeout, default 3600
 -t <num>    Thread pool size, default  48
 -d          TLS Disable Mutual Authentication
 -k <pem>    TLS Server TLS Key, default ./certs/server-key.pem
 -w <pass>   TLS Server Key Password, default wolfssl
 -c <pem>    TLS Server Certificate, default ./certs/server-cert.pem
--c <pem>    TLS CA Certificate, default ./certs/ca-cert.pem
+-A <pem>    TLS CA Certificate, default ./certs/ca-cert.pem
 ```
 
 ```sh
 
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICajCCAg+gAwIBAgIUMkpxF7cixTbgy2s3ZtLYCCq7pmEwCgYIKoZIzj0EAwIw
+gYkxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEQMA4GA1UEBwwHU2VhdHRsZTEQ
+MA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEjAQBgNVBAMM
+CWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAeFw0y
+MTAzMDExOTU2MjFaFw00MTAyMjQxOTU2MjFaMIGJMQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCQ0ExEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZTU0wxFDAS
+BgNVBAsMC0RldmVsb3BtZW50MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG
+9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
+AAToBp+YdaHpiRuvAWYXgK/mv7M1szpyfv7EXYDQXibu3moryej10+ReWc5neXgD
+VfQEZ1O6CkwPo7lZU6FBhGxmo1MwUTAdBgNVHQ4EFgQUvWcAwbZL6I6LHUZYMSdT
+FBzD3cswHwYDVR0jBBgwFoAUvWcAwbZL6I6LHUZYMSdTFBzD3cswDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAtC5RgbHrOuOOZznMc62hjjmSHFCz
+3GJOj6dVuZkbFxMCIQC+RA9BvaXbUirbRZzyQThhN9ohZR5cu2G9PAwy7o1cXw==
+-----END CERTIFICATE-----
@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIP59qE0IungH9iZIsR9XFytv308g4XQWnWC1XUSvyF3soAoGCCqGSM49
+AwEHoUQDQgAE6AafmHWh6YkbrwFmF4Cv5r+zNbM6cn7+xF2A0F4m7t5qK8no9dPk
+XlnOZ3l4A1X0BGdTugpMD6O5WVOhQYRsZg==
+-----END EC PRIVATE KEY-----
@@ -5,7 +5,7 @@
 
 AC_PREREQ(2.59)
 
-AC_INIT([wolfKeyManager],[0.3],[http://www.wolfssl.com])
+AC_INIT([wolfKeyManager],[0.4],[http://www.wolfssl.com])
 AC_CONFIG_AUX_DIR(config)
 AC_CONFIG_HEADERS([wolfkeymgr/config.h])
 AC_CONFIG_MACRO_DIR(m4)
@@ -71,7 +71,7 @@ LT_PREREQ([2.2])
 LT_INIT([disable-static win32-dll])
 
 # Shared library versioning
-WOLFKM_LIBRARY_VERSION=3:0:0
+WOLFKM_LIBRARY_VERSION=3:0:1
 #                      | | |
 #               +------+ | +---+
 #               |        |     |
 
@@ -37,6 +37,7 @@ static void Usage(void)
                           WOLFKM_DEFAULT_LOG_NAME ? WOLFKM_DEFAULT_LOG_NAME : "None");
     printf("-o <num>    Max open files, default  %d\n", WOLFKM_DEFAULT_FILES);
     printf("-s <num>    Seconds to timeout, default %d\n", WOLFKM_DEFAULT_TIMEOUT);
+    printf("-r <num>    Key renewal timeout, default %d\n", WOLFKM_KEY_RENEW_TIMEOUT);
     printf("-t <num>    Thread pool size, default  %ld\n",
                                                  sysconf(_SC_NPROCESSORS_CONF));
     printf("-d          TLS Disable Mutual Authentication\n");
@@ -70,7 +71,8 @@ int main(int argc, char** argv)
     struct event_base*      mainBase = NULL;    /* main thread's base  */
     FILE*                   pidF = 0;
     svcInfo* etsiSvc = NULL;
-    word32 timeoutSec  = WOLFKM_DEFAULT_TIMEOUT;
+    int sec;
+    word32 timeoutSec  = WOLFKM_DEFAULT_TIMEOUT, renewSec = WOLFKM_KEY_RENEW_TIMEOUT;
     int disableMutualAuth = 0; /* on by default */
     const char* serverKey = WOLFKM_ETSISVC_KEY;
     const char* serverKeyPass = WOLFKM_ETSISVC_KEY_PASSWORD;
@@ -79,7 +81,7 @@ int main(int argc, char** argv)
     signalArg sigArgInt, sigArgTerm;
 
     /* argument processing */
-    while ((ch = getopt(argc, argv, "?bis:t:o:f:l:dk:w:c:A:")) != -1) {
+    while ((ch = getopt(argc, argv, "?bis:t:o:f:l:dk:w:c:A:r:")) != -1) {
         switch (ch) {
             case '?' :
                 Usage();
@@ -91,15 +93,13 @@ int main(int argc, char** argv)
                 core = 1;
                 break;
             case 's' :
-            {
-                int sec = atoi(optarg);
+                sec = atoi(optarg);
                 if (sec < 0) {
                     perror("timeout positive values only accepted");
                     exit(EX_USAGE);
                 }
                 timeoutSec = (word32)sec;
                 break;
-            }
             case 't' :
                 poolSize = atoi(optarg);
                 break;
@@ -134,6 +134,14 @@ int main(int argc, char** argv)
             case 'A':
                 caCert = optarg;
                 break;
+            case 'r':
+                sec = atoi(optarg);
+                if (sec < 0) {
+                    perror("timeout positive values only accepted");
+                    exit(EX_USAGE);
+                }
+                renewSec = (word32)sec;
+                break;
 
             default:
                 Usage();
@@ -185,7 +193,7 @@ int main(int argc, char** argv)
     }
 
     /* setup signal stuff */
-    if (wolfKeyMgr_SigIgnore(SIGPIPE) == -1) {
+    if (wolfSigIgnore(SIGPIPE) == -1) {
         XLOG(WOLFKM_LOG_ERROR, "Failed to ignore SIGPIPE\n");
         ret = EX_OSERR; goto exit;
     }
@@ -201,8 +209,11 @@ int main(int argc, char** argv)
     wolfKeyMgr_SetMaxFiles(maxFiles);
 
     /********** ETSI Service **********/
-    etsiSvc = wolfEtsiSvc_Init(mainBase, timeoutSec);
+    etsiSvc = wolfEtsiSvc_Init(mainBase, renewSec);
     if (etsiSvc) {
+        /* set socket timeut */
+        wolfKeyMgr_SetTimeout(etsiSvc, timeoutSec);
+
         ret = wolfKeyMgr_LoadCAFile(etsiSvc, caCert, WOLFSSL_FILETYPE_PEM);
         if (ret != 0) {
             XLOG(WOLFKM_LOG_ERROR, "Error loading ETSI TLS CA cert\n");
 
@@ -23,17 +23,22 @@
 
 #include "wolfkeymgr/mod_etsi.h"
 
+#include <signal.h>
+
 struct EtsiClientCtx {
     WOLFSSL_CTX*   sslCtx;
     WOLFSSL*       ssl;
     EtsiClientType type;
+    wolfSSL_Mutex  lock;
 };
 
+
 EtsiClientCtx* wolfEtsiClientNew(void)
 {
     EtsiClientCtx* client = (EtsiClientCtx*)malloc(sizeof(EtsiClientCtx));
     if (client) {
         memset(client, 0, sizeof(EtsiClientCtx));
+        wc_InitMutex(&client->lock);
         client->sslCtx = wolfTlsClientNew();
         if (client->sslCtx == NULL) {
             XLOG(WOLFKM_LOG_ERROR, "Error creating TLS client!\n");
@@ -47,10 +52,14 @@ EtsiClientCtx* wolfEtsiClientNew(void)
 int wolfEtsiClientSetKey(EtsiClientCtx* client, const char* keyFile, 
     const char* keyPassword, const char* certFile, int fileType)
 {
+    int ret;
     if (client == NULL) {
         return WOLFKM_BAD_ARGS;
     }
-    return wolfTlsSetKey(client->sslCtx, keyFile, keyPassword, certFile, fileType);
+    wc_LockMutex(&client->lock);
+    ret = wolfTlsSetKey(client->sslCtx, keyFile, keyPassword, certFile, fileType);
+    wc_UnLockMutex(&client->lock);
+    return ret;
 }
 
 int wolfEtsiClientAddCA(EtsiClientCtx* client, const char* caFile)
@@ -60,7 +69,9 @@ int wolfEtsiClientAddCA(EtsiClientCtx* client, const char* caFile)
         return WOLFKM_BAD_ARGS;
     }
 
+    wc_LockMutex(&client->lock);
     ret = wolfTlsAddCA(client->sslCtx, caFile);
+    wc_UnLockMutex(&client->lock);
     return ret;
 }
 
@@ -73,13 +84,15 @@ int wolfEtsiClientConnect(EtsiClientCtx* client, const char* host,
         return WOLFKM_BAD_ARGS;
     }
 
+    wc_LockMutex(&client->lock);
     ret = wolfTlsConnect(client->sslCtx, &client->ssl, host, port, timeoutSec);
     if (ret == 0) {
         XLOG(WOLFKM_LOG_INFO, "Connected to ETSI service\n");
     }
     else {
         XLOG(WOLFKM_LOG_ERROR, "Failure connecting to ETSI service %d\n", ret);   
     }
+    wc_UnLockMutex(&client->lock);
 
     return ret;
 }
@@ -125,12 +138,14 @@ int wolfEtsiClientGet(EtsiClientCtx* client,
         return WOLFKM_BAD_ARGS;
     }
 
+    wc_LockMutex(&client->lock);
+
     /* only send request if we need to */
     if (type != ETSI_CLIENT_PUSH || client->type != type) {
         ret = EtsiClientMakeRequest(type, fingerprint, request, &requestSz);
         if (ret != 0) {
             XLOG(WOLFKM_LOG_INFO, "EtsiClientMakeRequest failed: %d\n", ret);
-            return ret;
+            goto exit;
         }
 
         /* send key request */
@@ -141,7 +156,7 @@ int wolfEtsiClientGet(EtsiClientCtx* client,
             if (ret < 0) {
                 XLOG(WOLFKM_LOG_INFO, "DoClientSend failed: %d (%s)\n", ret,
                     wolfSSL_ERR_reason_error_string(ret));
-                return ret;
+                goto exit;
             }
             pos += ret;
         }
@@ -181,6 +196,9 @@ int wolfEtsiClientGet(EtsiClientCtx* client,
         XLOG(WOLFKM_LOG_INFO, "Got ETSI response (%d bytes)\n", *responseSz);
     }
 
+exit:
+    wc_UnLockMutex(&client->lock);
+
     return ret;
 }
 
@@ -204,15 +222,18 @@ int wolfEtsiClientClose(EtsiClientCtx* client)
     int ret = 0;
     if (client && client->ssl) {
         /* send shutdown */
+        wc_LockMutex(&client->lock);
         ret = wolfTlsClose(client->ssl, 1);
         client->ssl = NULL;
+        wc_UnLockMutex(&client->lock);
     }
     return ret;
 }
 
 void wolfEtsiClientFree(EtsiClientCtx* client)
 {
     if (client) {
+        wc_LockMutex(&client->lock);
         if (client->ssl) {
             wolfTlsClose(client->ssl, 0);
             client->ssl = NULL;
@@ -221,12 +242,17 @@ void wolfEtsiClientFree(EtsiClientCtx* client)
             wolfTlsFree(client->sslCtx);
             client->sslCtx = NULL;
         }
+        wc_UnLockMutex(&client->lock);
+        wc_FreeMutex(&client->lock);
         free(client);
     }
 }
 
 int wolfEtsiClientInit(void)
 {
+    /* Ignore SIGPIPE */
+    wolfSigIgnore(SIGPIPE);
+
 #if 0
     wolfSSL_Debugging_ON();
 #endif
 
@@ -476,3 +476,39 @@ byte* wolfHttpUriDecode(const char *s, byte *dec)
     }
     return dec;
 }
+
+int wolfHttpUrlDecode(HttpUrl* url, char* s)
+{
+    char* dec;
+    if (url == NULL || s == NULL) {
+        return WOLFKM_BAD_ARGS;
+    }
+    memset(url, 0, sizeof(*url));
+
+    /* find :// */
+    dec = strstr(s, "://");
+    if (dec == NULL) {
+        return WOLFKM_BAD_ARGS;
+    }
+
+    *dec = '\0';
+    url->protocol = s;
+    s = dec+3;
+
+    /* find next "/" */
+    url->domain = s;
+    dec = strstr(s, "/");
+    if (dec) {
+        *dec = '\0';
+        url->path = dec+1;
+    }
+    
+    /* find ":" */
+    dec = strstr(s, ":");
+    if (dec) {
+        /* port specified */
+        url->port = atoi(dec+1);
+        *dec = '\0';
+    }
+    return 0;
+}
@@ -142,7 +142,6 @@ int wolfTlsAddCA(WOLFSSL_CTX* ctx, const char* caFile)
     if (ret != WOLFSSL_SUCCESS) {
         XLOG(WOLFKM_LOG_ERROR, "Can't load TLS CA %s into context. Error: %s (%d)\n", 
             caFile, wolfSSL_ERR_reason_error_string(ret), ret);
-        wolfSSL_CTX_free(ctx);
         return WOLFKM_BAD_FILE;
     }
 
 
@@ -823,19 +823,6 @@ static void AcceptCB(struct evconnlistener* listener, evutil_socket_t fd,
 
 
 /* --- PUBLIC FUNCTIONS --- */
-/* Clear action on supplied sig event */
-int wolfKeyMgr_SigIgnore(int sig)
-{
-    struct sigaction sa;
-
-    sa.sa_handler = SIG_IGN;
-    sa.sa_flags = 0;
-
-    if (sigemptyset(&sa.sa_mask) == -1 || sigaction(sig, &sa, 0) == -1)
-        return -1;
-
-    return 0;
-}
 
 /* Our signal handler callback */
 void wolfKeyMgr_SignalCb(evutil_socket_t fd, short event, void* arg)
 
@@ -30,7 +30,7 @@ typedef struct etsiSvcCtx {
     ecc_key         key;  /* last generated key */
     WC_RNG          rng;
     double          last; /* time last generated */
-    word32          timeoutSec;
+    word32          renewSec;
     word32          index;
     pthread_mutex_t lock; /* queue lock */
     pthread_t       thread; /* key gen worker */
@@ -171,8 +171,8 @@ static void* KeyPushWorker(void* arg)
         /* push to any connected clients */
         wolfKeyMgr_NotifyAllClients(svc);
 
-        /* wait timeoutSec */
-        sleep(svcCtx->timeoutSec);
+        /* wait seconds */
+        sleep(svcCtx->renewSec);
     } while (1);
 
     return NULL;
@@ -342,7 +342,7 @@ void wolfEtsiSvc_WorkerFree(svcInfo* svc, void* svcThreadCtx)
 #endif /* WOLFKM_ETSI_SERVICE */
 
 
-svcInfo* wolfEtsiSvc_Init(struct event_base* mainBase, int timeoutSec)
+svcInfo* wolfEtsiSvc_Init(struct event_base* mainBase, int renewSec)
 {
 #ifdef WOLFKM_ETSI_SERVICE
     int ret;
@@ -358,9 +358,7 @@ svcInfo* wolfEtsiSvc_Init(struct event_base* mainBase, int timeoutSec)
 
     pthread_mutex_init(&svcCtx->lock, NULL);
 
-    /* use the timeout to trigger sending new set of keys */
-    wolfKeyMgr_SetTimeout(svc, timeoutSec);
-    svcCtx->timeoutSec = timeoutSec;
+    svcCtx->renewSec = renewSec;
 
     /* start key generation thread */
     if (pthread_create(&svcCtx->thread, NULL, KeyPushWorker, svc) != 0) {
@@ -383,8 +381,8 @@ svcInfo* wolfEtsiSvc_Init(struct event_base* mainBase, int timeoutSec)
     return svc;
 #else
     (void)mainBase;
-    (void)timeoutSec;
-    (void)disableMutalAuth;
+    (void)renewSec;
+
     return NULL;
 #endif
 }
Original file line number	Diff line number	Diff line change
`@@ -23,17 +23,22 @@`
`23`	`23`
`24`	`24`	`#include "wolfkeymgr/mod_etsi.h"`
`25`	`25`
	`26`	`+#include <signal.h>`
	`27`	`+`
`26`	`28`	`struct EtsiClientCtx {`
`27`	`29`	`WOLFSSL_CTX* sslCtx;`
`28`	`30`	`WOLFSSL* ssl;`
`29`	`31`	`EtsiClientType type;`
	`32`	`+ wolfSSL_Mutex lock;`
`30`	`33`	`};`
`31`	`34`
	`35`	`+`
`32`	`36`	`EtsiClientCtx* wolfEtsiClientNew(void)`
`33`	`37`	`{`
`34`	`38`	`EtsiClientCtx* client = (EtsiClientCtx*)malloc(sizeof(EtsiClientCtx));`
`35`	`39`	`if (client) {`
`36`	`40`	`memset(client, 0, sizeof(EtsiClientCtx));`
	`41`	`+ wc_InitMutex(&client->lock);`
`37`	`42`	`client->sslCtx = wolfTlsClientNew();`
`38`	`43`	`if (client->sslCtx == NULL) {`
`39`	`44`	`XLOG(WOLFKM_LOG_ERROR, "Error creating TLS client!\n");`
`@@ -47,10 +52,14 @@ EtsiClientCtx* wolfEtsiClientNew(void)`
`47`	`52`	`int wolfEtsiClientSetKey(EtsiClientCtx* client, const char* keyFile,`
`48`	`53`	`const char* keyPassword, const char* certFile, int fileType)`
`49`	`54`	`{`
	`55`	`+ int ret;`
`50`	`56`	`if (client == NULL) {`
`51`	`57`	`return WOLFKM_BAD_ARGS;`
`52`	`58`	`}`
`53`		`- return wolfTlsSetKey(client->sslCtx, keyFile, keyPassword, certFile, fileType);`
	`59`	`+ wc_LockMutex(&client->lock);`
	`60`	`+ ret = wolfTlsSetKey(client->sslCtx, keyFile, keyPassword, certFile, fileType);`
	`61`	`+ wc_UnLockMutex(&client->lock);`
	`62`	`+ return ret;`
`54`	`63`	`}`
`55`	`64`
`56`	`65`	`int wolfEtsiClientAddCA(EtsiClientCtx* client, const char* caFile)`
`@@ -60,7 +69,9 @@ int wolfEtsiClientAddCA(EtsiClientCtx* client, const char* caFile)`
`60`	`69`	`return WOLFKM_BAD_ARGS;`
`61`	`70`	`}`
`62`	`71`
	`72`	`+ wc_LockMutex(&client->lock);`
`63`	`73`	`ret = wolfTlsAddCA(client->sslCtx, caFile);`
	`74`	`+ wc_UnLockMutex(&client->lock);`
`64`	`75`	`return ret;`
`65`	`76`	`}`
`66`	`77`
`@@ -73,13 +84,15 @@ int wolfEtsiClientConnect(EtsiClientCtx* client, const char* host,`
`73`	`84`	`return WOLFKM_BAD_ARGS;`
`74`	`85`	`}`
`75`	`86`
	`87`	`+ wc_LockMutex(&client->lock);`
`76`	`88`	`ret = wolfTlsConnect(client->sslCtx, &client->ssl, host, port, timeoutSec);`
`77`	`89`	`if (ret == 0) {`
`78`	`90`	`XLOG(WOLFKM_LOG_INFO, "Connected to ETSI service\n");`
`79`	`91`	`}`
`80`	`92`	`else {`
`81`	`93`	`XLOG(WOLFKM_LOG_ERROR, "Failure connecting to ETSI service %d\n", ret);`
`82`	`94`	`}`
	`95`	`+ wc_UnLockMutex(&client->lock);`
`83`	`96`
`84`	`97`	`return ret;`
`85`	`98`	`}`
`@@ -125,12 +138,14 @@ int wolfEtsiClientGet(EtsiClientCtx* client,`
`125`	`138`	`return WOLFKM_BAD_ARGS;`
`126`	`139`	`}`
`127`	`140`
	`141`	`+ wc_LockMutex(&client->lock);`
	`142`	`+`
`128`	`143`	`/* only send request if we need to */`
`129`	`144`	`if (type != ETSI_CLIENT_PUSH \|\| client->type != type) {`
`130`	`145`	`ret = EtsiClientMakeRequest(type, fingerprint, request, &requestSz);`
`131`	`146`	`if (ret != 0) {`
`132`	`147`	`XLOG(WOLFKM_LOG_INFO, "EtsiClientMakeRequest failed: %d\n", ret);`
`133`		`- return ret;`
	`148`	`+ goto exit;`
`134`	`149`	`}`
`135`	`150`
`136`	`151`	`/* send key request */`
`@@ -141,7 +156,7 @@ int wolfEtsiClientGet(EtsiClientCtx* client,`
`141`	`156`	`if (ret < 0) {`
`142`	`157`	`XLOG(WOLFKM_LOG_INFO, "DoClientSend failed: %d (%s)\n", ret,`
`143`	`158`	`wolfSSL_ERR_reason_error_string(ret));`
`144`		`- return ret;`
	`159`	`+ goto exit;`
`145`	`160`	`}`
`146`	`161`	`pos += ret;`
`147`	`162`	`}`
`@@ -181,6 +196,9 @@ int wolfEtsiClientGet(EtsiClientCtx* client,`
`181`	`196`	`XLOG(WOLFKM_LOG_INFO, "Got ETSI response (%d bytes)\n", *responseSz);`
`182`	`197`	`}`
`183`	`198`
	`199`	`+exit:`
	`200`	`+ wc_UnLockMutex(&client->lock);`
	`201`	`+`
`184`	`202`	`return ret;`
`185`	`203`	`}`
`186`	`204`
`@@ -204,15 +222,18 @@ int wolfEtsiClientClose(EtsiClientCtx* client)`
`204`	`222`	`int ret = 0;`
`205`	`223`	`if (client && client->ssl) {`
`206`	`224`	`/* send shutdown */`
	`225`	`+ wc_LockMutex(&client->lock);`
`207`	`226`	`ret = wolfTlsClose(client->ssl, 1);`
`208`	`227`	`client->ssl = NULL;`
	`228`	`+ wc_UnLockMutex(&client->lock);`
`209`	`229`	`}`
`210`	`230`	`return ret;`
`211`	`231`	`}`
`212`	`232`
`213`	`233`	`void wolfEtsiClientFree(EtsiClientCtx* client)`
`214`	`234`	`{`
`215`	`235`	`if (client) {`
	`236`	`+ wc_LockMutex(&client->lock);`
`216`	`237`	`if (client->ssl) {`
`217`	`238`	`wolfTlsClose(client->ssl, 0);`
`218`	`239`	`client->ssl = NULL;`
`@@ -221,12 +242,17 @@ void wolfEtsiClientFree(EtsiClientCtx* client)`
`221`	`242`	`wolfTlsFree(client->sslCtx);`
`222`	`243`	`client->sslCtx = NULL;`
`223`	`244`	`}`
	`245`	`+ wc_UnLockMutex(&client->lock);`
	`246`	`+ wc_FreeMutex(&client->lock);`
`224`	`247`	`free(client);`
`225`	`248`	`}`
`226`	`249`	`}`
`227`	`250`
`228`	`251`	`int wolfEtsiClientInit(void)`
`229`	`252`	`{`
	`253`	`+ /* Ignore SIGPIPE */`
	`254`	`+ wolfSigIgnore(SIGPIPE);`
	`255`	`+`
`230`	`256`	`#if 0`
`231`	`257`	`wolfSSL_Debugging_ON();`
`232`	`258`	`#endif`
Original file line number	Diff line number	Diff line change
`@@ -142,7 +142,6 @@ int wolfTlsAddCA(WOLFSSL_CTX* ctx, const char* caFile)`
`142`	`142`	`if (ret != WOLFSSL_SUCCESS) {`
`143`	`143`	`XLOG(WOLFKM_LOG_ERROR, "Can't load TLS CA %s into context. Error: %s (%d)\n",`
`144`	`144`	`caFile, wolfSSL_ERR_reason_error_string(ret), ret);`
`145`		`- wolfSSL_CTX_free(ctx);`
`146`	`145`	`return WOLFKM_BAD_FILE;`
`147`	`146`	`}`
`148`	`147`