I'm taking a first pass at getting asynchronous certificate validation and asynchronous stateful session-resumption working in our application. In callbacks, when we need to perform an asynchronous action, we setup our own internal state (bound to the SSL *) to detail what action is going to be performed, then call ASYNC_pause_job(). SSL_read() returns -1, we call SSL_get_error and check for SSL_ERROR_WANT_ASYNC. We check our internal state structure to figure out the asynchronous action we need to perform, perform it, then call SSL_read() again. This is all fine, it works well. In our application active requests can be cancelled if they run for too long. If a request is cancelled after ASYNC_pause_job() has been called but before SSL_read() has been called (i.e the job is paused) what would be the correct way to handle this without leaking memory? I can see SSL_free() calls ASYNC_WAIT_CTX_free, so we shouldn't leak ASYNC_WAIT_CTXs, but heap allocated memory that's not associated with the SSL * or any of its associated structures would theoretically still be leaked. The obvious way of handling this is to mark up the request as cancelled, call SSL_read() and check the request's cancellation state after each call to ASYNC_pause_job() inside the callback. Is there something we can call either before SSL_read() or from within the callback to encourage OpenSSL to terminate the handshake and not call any more callbacks? Is there a better way to handle the cancellations? Many Thanks, -Arran Arran Cudbard-Bell <a.cudbardb@xxxxxxxxxxxxxx> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
Attachment:
signature.asc
Description: Message signed with OpenPGP
