Memory allocated in SSL_set_tlsext_host_name() isn't freed in
SSL_free(). As a workaround one can do
SSL_set_tlsext_host_name(ssl, NULL) before SSL_free(), but I don't
imagine this was what was meant to be implemented. The bug is easy
to replicate using the code below, using valgrind or your favorite
memory profiler. This was not a problem back in 0.9.8b, but 0.9.8f
and 0.9.8g have this problem.
#include <openssl/ssl.h>
int main(int argc, char **argv) {
SSL *ssl;
SSL_CTX *ctx;
SSL_library_init();
ctx = SSL_CTX_new(SSLv23_client_method());
ssl = SSL_new(ctx);
SSL_set_tlsext_host_name(ssl, "hostname");
SSL_free(ssl);
SSL_CTX_free(ctx);
CRYPTO_cleanup_all_ex_data();
return 0;
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
