Ralf,
We've found a pretty significant bug in the mod_ssl 2.6.5, and I've created
a patch for it. This is affecting quite a large number of users (anyone who
builds mod_ssl statically and tries to do a restart or graceful).
Please consider the patch below for immediate inclusion into the next
release of mod_ssl. I've also included some of the original discussion
below.
Thanks,
Dave
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David Rees
Sent: Wednesday, July 26, 2000 3:20 PM
To: [EMAIL PROTECTED]
Subject: RE: [BugDB] Segfault on graceful restart (PR#434)
I've been looking at the source, and the part of the problem seems to be in
the function ssl_init_Module in ssl_engine_init.c. If you look around line
225 in the apache_1.3.12/src/modules/ssl/ssl_engine_init.c file, you'll even
see comments on how ssl initialization occurs.
The changes made to ssl_engine_init.c between 2.6.5 and 2.6.4 that you
pointed out reduced a number of memory leaks when doing restarts and
gracefuls when building as a DSO. But there is still a bit of memory leaked
during each restart and graceful. Since we rotate our logs daily, we
completely stop/start the server during that time, otherwise over a period
of time/restarts/gracefuls, the memory usage of Apache increases significantly.
I would personally prefer to never have to completely stop Apache, and
backing out the changes in 2.6.5 makes this situation worse.
Of course, having the server die when you restart isn't good, either.
If I had more time, I could look at the source more, but at this point I
don't. I'm sure Ralf will know the right thing to do. It sure would be
great to clear up the rest of those memory leaks, too.
After looking at the openssl documentation and the rest of the code in
ssl_engine_init.c, it looks like we don't want to call those cleanup
functions when we build statically, but we do when built as a module. This
patch should fix things up for everyone without re-introducing any memory
leaks:
--- mod_ssl-2.6.5-1.3.12/pkg.sslmod/ssl_engine_init.c.orig Tue Jul 4
21:21:10 2000
+++ mod_ssl-2.6.5-1.3.12/pkg.sslmod/ssl_engine_init.c Thu Jul 27 10:17:30
2000
@@ -1025,9 +1025,11 @@
/*
* Try to kill the internals of the SSL library.
*/
+#ifdef SHARED_MODULE
ERR_free_strings();
ERR_remove_state(0);
EVP_cleanup();
+#endif
return;
}
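Review bot: the comment directly above the new `#ifdef SHARED_MODULE` still reads "Try to kill the internals of the SSL library" as if it were unconditional, but ERR_free_strings(), ERR_remove_state(0) and EVP_cleanup() now run only in DSO builds. Please extend that comment to say why a static build must skip these three calls (the segfault on restart/graceful from PR#434), so the guard is not later removed as an apparent leak fix. It would also help to note which build types and platforms were checked for both the crash and the memory growth across restarts, since the hunk alone gives no way to tell.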
Let me know if it works for you, and I'll forward it on to Ralf.
-Dave
> On Wed, Jul 26, 2000 at 02:25:48PM -0700, David Rees wrote:
> >
> > It does matter. When I build using a DSO, it does not crash on graceful (at
> > least on Linux and IRIX). Please try it on your system.
> >
> DSO's are handy, and MM is definitely going to help performance a lot, but
> it shouldn't be necessary to avoid the core's. I'd still suggest trying to
> remove those three lines from ssl_engine_init.c first - just to see if it
> makes a difference.
>
> vh
>
> Mads Toftum
> --
> `Darn it, who spiked my coffee with water?!' - lwall
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]