Full_Name: Dennis Norgord
Version: 2.6.2-1.3.12
OS: RedHat 6.1 Linux
Submission from: (NULL) (158.222.124.59)
I've applied the following patch to my 2.6.2 code, but I'm not absolutely
certain how it applies to 2.6.3 (since other things have changed). This fix is
a follow-up to bug report #345.
- - - - - - -
Regarding the function ssl_ext_mp_close_connection()
When SSL_EXPERIMENTAL is defined, the ctx is reused (see references to
->pSSLProxyCtx) and should not be freed.
When SSL_EXPERIMENTAL is not defined, the ctx must be freed to avoid a
memory leak.
Bracketing the appropriate lines with #ifndef SSL_EXPERIMENTAL as shown
below fixes this problem.
File ssl_engine_ext.c line 535
------------------ CHANGED FROM ------------------
static void ssl_ext_mp_close_connection(void *_fb)
{
BUFF *fb = _fb;
SSL *ssl;
SSL_CTX *ctx;
ssl = ap_ctx_get(fb->ctx, "ssl");
if (ssl != NULL) {
ctx = SSL_get_SSL_CTX(ssl);
SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
SSL_smart_shutdown(ssl);
SSL_free(ssl);
ap_ctx_set(fb->ctx, "ssl", NULL);
if (ctx != NULL)
SSL_CTX_free(ctx);
}
return;
}
------------------ CHANGED TO ------------------
static void ssl_ext_mp_close_connection(void *_fb)
{
BUFF *fb = _fb;
SSL *ssl;
#ifndef SSL_EXPERIMENTAL
SSL_CTX *ctx;
#endif
ssl = ap_ctx_get(fb->ctx, "ssl");
if (ssl != NULL) {
#ifndef SSL_EXPERIMENTAL
ctx = SSL_get_SSL_CTX(ssl);
#endif
SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
SSL_smart_shutdown(ssl);
SSL_free(ssl);
ap_ctx_set(fb->ctx, "ssl", NULL);
#ifndef SSL_EXPERIMENTAL
if (ctx != NULL)
SSL_CTX_free(ctx);
#endif
}
return;
}
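Review bot: The guarded `SSL_CTX_free(ctx);` at the end of the `if (ssl != NULL)` block decides ownership at compile time and carries no comment saying who owns the ctx. With SSL_EXPERIMENTAL defined this function never frees a ctx, which is correct only if every ssl stored under fb->ctx in such a build uses the reused context. Please add a short comment at that `#ifndef SSL_EXPERIMENTAL` stating that the ctx is the shared one (the ->pSSLProxyCtx references mentioned in the report) and where it is released instead. Please also confirm that no path in an SSL_EXPERIMENTAL build still creates a per-connection ctx, since that ctx would now leak. If both kinds of ctx can reach this function, a run-time ownership check would be safer than the preprocessor guard.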
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]