Hi Christopher,

On Thu, Oct 15, 2015 at 03:22:52PM +0200, Christopher Faulet wrote:
> Le 15/10/2015 14:45, Seri, Kim a écrit :
> >Christopher Faulet <cfaulet@...> writes:
> >
> >>I confirm the bug. Here is a very quick patch. Could you confirm that it
> >>works for you ?
> >>
> >
> >Hi,
> >
> >I can confirm this patch fixes the crash!!
> >
> >cf. because of my mail service, I've changed my e-mail
> >
> >Thanks a lot.
> 
> Great!
> 
> Willy, is it OK with you if I add the CO_FL_DYN_SSL_CTX flag to track 
> connections with a generated SSL certificate or do you prefer I find 
> another way to fix the bug ?

I'm still having doubts on the fix, because I feel like we're working
around a design issue here. First, the problem is that it's unclear
to me in which condition we may end up calling this code. How can it
happen that we end up in this code with an empty LRU tree ? Can we
generate cookies without a cert cache ? Or can the cert cache be empty
with some certs still in use ? If the latter, maybe instead we should
keep a reference to the cache using the refcount so that we don't kill
the entry as long as it's being used.

Indeed, this is mostly a matter of being sure that we free an ssl_ctx
that was allocated, so there should be other ways to do it than adding
more SSL knowledge into the session. I'm not opposed to merging this
fix as a quick one to fix the trouble for the affected users, but I'd
prefer that we find a cleaner solution if possible.

Thanks!
Willy

