From fd8e32190e772341c85a756b4b157bb14ea24c4e Mon Sep 17 00:00:00 2001
From: Stephen Birarda
Date: Fri, 4 Apr 2014 11:08:50 -0700
Subject: [PATCH] perform cleanup of GnuTLS structures across targets
---
 assignment-client/src/AssignmentClient.cpp | 4 ++++
 assignment-client/src/AssignmentClient.h | 1 +
 domain-server/src/DomainServer.cpp | 14 +++++++++++++
 domain-server/src/DomainServer.h | 1 +
 interface/src/Application.cpp | 2 ++
 libraries/shared/src/DTLSClientSession.cpp | 23 ++++++++++------------
 libraries/shared/src/DTLSClientSession.h | 5 +++--
 7 files changed, 35 insertions(+), 15 deletions(-)
diff --git a/assignment-client/src/AssignmentClient.cpp b/assignment-client/src/AssignmentClient.cpp
index 046f362e1e..c370c78132 100644
--- a/assignment-client/src/AssignmentClient.cpp
+++ b/assignment-client/src/AssignmentClient.cpp
@@ -109,6 +109,10 @@ AssignmentClient::AssignmentClient(int &argc, char **argv) :
 this, &AssignmentClient::handleAuthenticationRequest);
 }
+AssignmentClient::~AssignmentClient() {
+ gnutls_global_deinit();
+}
+
 void AssignmentClient::sendAssignmentRequest() {
 if (!_currentAssignment) {
 NodeList::getInstance()->sendAssignment(_requestAssignment);
diff --git a/assignment-client/src/AssignmentClient.h b/assignment-client/src/AssignmentClient.h
index c267c6238b..939d06b14f 100644
--- a/assignment-client/src/AssignmentClient.h
+++ b/assignment-client/src/AssignmentClient.h
@@ -17,6 +17,7 @@ class AssignmentClient : public QCoreApplication {
 Q_OBJECT
 public:
 AssignmentClient(int &argc, char **argv);
+ ~AssignmentClient();
 private slots:
 void sendAssignmentRequest();
 void readPendingDatagrams();
diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp
index 12df8a4ada..a40bb2fa37 100644
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
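Review bot: `gnutls_global_deinit()` in the new `~AssignmentClient()` body runs before the object's members and its QCoreApplication base are destroyed, so any GnuTLS session or credential set torn down later (for example one owned by a singleton such as NodeList, which this hunk does not show) would be freed after the library state is gone. Sessions and credentials should be released before the global deinit, so either free them explicitly ahead of the call or document the required order with a comment such as `// must run after every DTLSSession has been destroyed`. The same concern applies to the calls added in `~DomainServer()` and `~Application()`. The matching `gnutls_global_init()` calls are outside this diff, so the init/deinit pairing cannot be confirmed from here.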
@@ -78,6 +78,20 @@ DomainServer::DomainServer(int argc, char* argv[]) :
 }
 }
+DomainServer::~DomainServer() {
+ if (_x509Credentials) {
+ gnutls_certificate_free_credentials(*_x509Credentials);
+ gnutls_priority_deinit(*_priorityCache);
+ gnutls_dh_params_deinit(*_dhParams);
+
+ delete _x509Credentials;
+ delete _priorityCache;
+ delete _dhParams;
+ delete _cookieKey;
+ }
+ gnutls_global_deinit();
+}
+
 bool DomainServer::optionallySetupDTLS() {
 if (readX509KeyAndCertificate()) {
 if (_x509Credentials) {
diff --git a/domain-server/src/DomainServer.h b/domain-server/src/DomainServer.h
index 6bca67df0d..78e48f1468 100644
--- a/domain-server/src/DomainServer.h
+++ b/domain-server/src/DomainServer.h
@@ -31,6 +31,7 @@ class DomainServer : public QCoreApplication, public HTTPRequestHandler {
 Q_OBJECT
 public:
 DomainServer(int argc, char* argv[]);
+ ~DomainServer();
 bool handleHTTPRequest(HTTPConnection* connection, const QUrl& url);
diff --git a/interface/src/Application.cpp b/interface/src/Application.cpp
index 4c2d28376f..255712b5b6 100644
--- a/interface/src/Application.cpp
+++ b/interface/src/Application.cpp
@@ -393,6 +393,8 @@ Application::~Application() {
 delete _glWidget;
 AccountManager::getInstance().destroy();
+
+ gnutls_global_deinit();
 }
 void Application::restoreSizeAndPosition() {
diff --git a/libraries/shared/src/DTLSClientSession.cpp b/libraries/shared/src/DTLSClientSession.cpp
index 73daa4e03a..58ca99f1a8 100644
--- a/libraries/shared/src/DTLSClientSession.cpp
+++ b/libraries/shared/src/DTLSClientSession.cpp
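Review bot: In `~DomainServer()` the single `if (_x509Credentials)` test also guards the dereference of `_priorityCache` and `_dhParams` and the delete of `_cookieKey`, so the destructor is only safe if all four pointers are always set together and start out null; neither is visible in this hunk. `delete _cookieKey;` also frees only the wrapper object: if `_cookieKey` is a `gnutls_datum_t` filled in by GnuTLS (an assumption, its type is not shown here), the `data` buffer holding the DTLS cookie secret is leaked and left unwiped on the heap. In that case zero the buffer and call `gnutls_free(_cookieKey->data);` before `delete _cookieKey;`. A short comment on the block, e.g. `// all four are allocated together in optionallySetupDTLS()`, would make the shared guard explicit.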
@@ -8,20 +8,17 @@ #include "DTLSClientSession.h" -gnutls_certificate_credentials_t* DTLSClientSession::x509CACredentials() { - static gnutls_certificate_credentials_t x509Credentials; - static bool credentialsInitialized = false; - - if (!credentialsInitialized) { - gnutls_certificate_allocate_credentials(&x509Credentials); - } - - return &x509Credentials; -} - DTLSClientSession::DTLSClientSession(QUdpSocket& dtlsSocket, HifiSockAddr& destinationSocket) : DTLSSession(GNUTLS_CLIENT, dtlsSocket, destinationSocket) { + // _x509 as a member variable and not global/static assumes a single DTLSClientSession per client + gnutls_certificate_allocate_credentials(&_x509Credentials); + gnutls_priority_set_direct(_gnutlsSession, "PERFORMANCE", NULL); - gnutls_credentials_set(_gnutlsSession, GNUTLS_CRD_CERTIFICATE, *x509CACredentials()); -} \ No newline at end of file + gnutls_credentials_set(_gnutlsSession, GNUTLS_CRD_CERTIFICATE, _x509Credentials); +} + +DTLSClientSession::~DTLSClientSession() { + gnutls_certificate_free_credentials(_x509Credentials); +} + diff --git a/libraries/shared/src/DTLSClientSession.h b/libraries/shared/src/DTLSClientSession.h index a81daf6d74..325a162f61 100644 --- a/libraries/shared/src/DTLSClientSession.h +++ b/libraries/shared/src/DTLSClientSession.h @@ -14,8 +14,9 @@ class DTLSClientSession : public DTLSSession { public: DTLSClientSession(QUdpSocket& dtlsSocket, HifiSockAddr& destinationSocket); - - static gnutls_certificate_credentials_t* x509CACredentials(); + ~DTLSClientSession(); +private: + gnutls_certificate_credentials_t _x509Credentials; }; #endif /* defined(__hifi__DTLSClientSession__) */
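Review bot: The constructor ignores the result of `gnutls_certificate_allocate_credentials(&_x509Credentials)` and the new member has no initialiser, so if allocation fails both `gnutls_credentials_set(...)` and the destructor's `gnutls_certificate_free_credentials(_x509Credentials)` act on an indeterminate handle. Initialise `_x509Credentials` to `NULL` in the initialiser list, compare the return value with `GNUTLS_E_SUCCESS`, and guard the free with `if (_x509Credentials)`. Separately, nothing in this hunk loads trust anchors into the freshly allocated credentials or installs a certificate verification callback, so unless the DTLSSession base class does that elsewhere, the client would complete the handshake without authenticating the server; this is worth confirming. The derived destructor also frees the credentials before the base class destructor tears down `_gnutlsSession`, which still references them, so a comment stating that the base must not use the session's credentials during teardown would help.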
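Review bot: DTLSClientSession now owns a raw `gnutls_certificate_credentials_t` that its destructor frees, but the header leaves the implicit copy constructor and copy assignment in place, so copying a session would free the same handle twice. Unless DTLSSession is already non-copyable (not visible in this hunk), add `Q_DISABLE_COPY(DTLSClientSession)` to the private section. A comment on the member such as `// owned by this session; freed in ~DTLSClientSession()` would also record the ownership that the constructor comment only implies.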