Hi,
On Wed, Jan 25, 2017 at 10:33 PM, Michele Mase' <michele.mase@xxxxxxxxx> wrote:
> <?php
I checked restarts with valgrind on latest 2.2.x and found this fixes:
Index: modules/ssl/mod_ssl.c
===================================================================
--- modules/ssl/mod_ssl.c (revision 1778094)
+++ modules/ssl/mod_ssl.c (working copy)
@@ -277,7 +277,12 @@ static apr_status_t ssl_cleanup_pre_config(void *d
/* Don't call ERR_free_strings here; ERR_load_*_strings only
* actually load the error strings once per process due to static
* variable abuse in OpenSSL. */
+#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)
+ ERR_free_strings();
+#endif
+ sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
+
/* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
* ex_data indices may have been cached in static variables in
* OpenSSL; removing them may cause havoc. Notably, with OpenSSL
Index: modules/ssl/ssl_util_ssl.c
===================================================================
--- modules/ssl/ssl_util_ssl.c (revision 1778094)
+++ modules/ssl/ssl_util_ssl.c (working copy)
@@ -311,6 +311,7 @@ BOOL SSL_X509_isSGC(X509 *cert)
break;
}
}
+ EXTENDED_KEY_USAGE_free(sk);
}
}
return is_sgc;
__
> Tomorrow, probably i'll open a ticket with redhat.
The first one (ERR_free_strings) is fixed in 2.4.x and seems to be
backported in redhat's 2.2.* already (at least in
"httpd-2.2.15-56.el6_8.3.src.rpm").
The second one (sk_SSL_COMP_free) is nowhere, neither in httpd nor
redhat (AFAICT) releases.
The last and biggest one (EXTENDED_KEY_USAGE_free) is 2.2 code only
(2.4 not concerned), and seems to affect both httpd-2.x and redhat's.
I won't be able to verify how it affects the different openssl
versions (hence commit anything) in the next few days, just wanted to
notify before being away...
Regards,
Yann.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|