https://issues.apache.org/bugzilla/show_bug.cgi?id=56919
--- Comment #6 from Alex Bligh <[email protected]> ---

I believe I now understand the root cause of this bug and it's very NASTY. I don't think it's properly fixed in 2.4.10 for any certificates.

What appears to be happening is this. In main.c (prior to line 702), apache processes the config file. This dlopen()'s mod_ssl, and calls ssl_init_Module(). At main.c line 707, inside the 'for (;;)' loop around reloads, it does an apr_pool_clear(). This dlclose()'s all the modules that have been open, and reprocesses the configuration, which again dlopen()'s mod_ssl and calls ssl_init_Module() again.

However, inspection shows that mod_ssl isn't always loaded at the same address. If you have a large configuration, that's more likely (not sure whether it's a memory leak, or fragmentation, or what, but this is the cause). For instance, I put a breakpoint on ssl_init_Module(), and then ran apache2 and got the output below. You can see the location of ssl_init_Module has changed.

This in itself would not be an issue. However, when the certificates are first loaded through openssl, they are set up with a free_func (in the openssl structure) that points to something in mod_ssl freeing the additional storage - see http://osxr.org/openssl/source/crypto/ex_data.c#0566

When the config file is reprocessed, that free_func's address changes. However, the openssl object has not (yet) been freed. When it is, the free_func() is called using the PREVIOUS address associated with mod_ssl.

What I believe is happening here is that the SSL library is checking to see whether a certificate with the same CN has already been loaded, here: http://osxr.org/openssl/source/ssl/ssl_cert.c#0707 and deinitialising mod_ssl is not clearing the loaded certificates. This is probably deliberate as there may be other users of the openssl library that might also be loading certificates.

I don't really know how one would go about fixing this.
The least horrible option I think would be to never dlclose() a module once it is loaded. I.e. a reload of apache2 would leave modules in RAM (but presumably deinited), so that they would always be at the same place. A reload would then leave them loaded.

Breakpoint 1, ssl_init_Module (p=0x7ffff7ff0028, plog=0x7ffff7fbe028, ptemp=0x7ffff7fbc028, base_server=0x7ffff7fc1ec8) at ssl_engine_init.c:138
138 {
(gdb) print pc
No symbol "pc" in current context.
(gdb) print &ssl_init_Module
$1 = (apr_status_t (*)(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *)) 0x7ffff03d7000 <ssl_init_Module>
(gdb) cont
Continuing.
warning: Temporarily disabling breakpoints for unloaded shared library "/usr/lib/apache2/modules/mod_ssl.so"
[New Thread 0x7fffe6fee700 (LWP 56253)]
[Thread 0x7fffe6fee700 (LWP 56253) exited]
Breakpoint 1, ssl_init_Module (p=0x7ffff7ff0028, plog=0x7ffff7fbe028, ptemp=0x7ffff7fc0028, base_server=0x7ffff7fc2de0) at ssl_engine_init.c:138
138 {
(gdb) print &ssl_init_Module
$2 = (apr_status_t (*)(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *)) 0x7ffff03cd000 <ssl_init_Module>
(g
