This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit ab671fc699a64eb37b2a2dcac7096d680085c8a1 Author: remm <r...@apache.org> AuthorDate: Thu Sep 26 16:53:03 2024 +0200 Avoid possible crashes with OpenSSL Some SSL_CTX might be lying around and still tied to GC. GC might occur after Library.terminate. This should mostly occur with the Tomcat testsuite. --- java/org/apache/catalina/core/AprLifecycleListener.java | 2 ++ java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java | 2 ++ 2 files changed, 4 insertions(+) diff --git a/java/org/apache/catalina/core/AprLifecycleListener.java b/java/org/apache/catalina/core/AprLifecycleListener.java index e7f65cfb02..2502e1132b 100644 --- a/java/org/apache/catalina/core/AprLifecycleListener.java +++ b/java/org/apache/catalina/core/AprLifecycleListener.java @@ -193,6 +193,8 @@ public class AprLifecycleListener implements LifecycleListener { AprStatus.setAprAvailable(false); fipsModeActive = false; sslInitialized = false; // terminate() will clean the pool + // There could be unreferenced SSL_CTX still waiting for GC + System.gc(); Library.terminate(); } diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java index df90d84bcf..17204fd274 100644 --- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java +++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java @@ -350,6 +350,8 @@ public class OpenSSLLibrary { try { if (OpenSSL_version_num() < 0x3000000fL) { + // There could be unreferenced SSL_CTX still waiting for GC + System.gc(); freeDHParameters(); if (!MemorySegment.NULL.equals(enginePointer)) { ENGINE_free(enginePointer); --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org