httpd-bugs mailing list archives

Subject [Bug 54357] Crash during restart or at startup in mod_ssl, in certinfo_free() function registered by ssl_stapling_ex_init()
Date Thu, 25 Sep 2014 06:05:15 GMT

--- Comment #35 from Alex Bligh <> ---

> This doesn't happen, and is probably the reason you thought v7 would leak.
> The SSLModConfigRec ("mc") survives restarts, and the stapling_cert_info
> hash is not cleared. Put differently, we only add certinfo for a specific
> certificate once in the lifetime of the process - if apr_hash_set() for
> certificate X was called at startup, then it's skipped if certificate X is
> encountered again in any of the additional rounds (in fact, this is also the
> reason I put in the TRACE1 log statement, which you'll see only once per
> certificate and process lifetime when configuring "LogLevel ssl:trace1").

OK, thanks, I didn't understand that. I will have to think of a more contrived

Imagine a server with 100 SSL Certificates, which are all changed and the SSL
server reloaded once a minute. As the certs are changed, they have different
SHA-1 sums. This means not only the OCSP_CERTID but also the certinfo structure
leak, as nothing is ever removed from the hash.

Technically on server reload we should be freeing the hash and its contents.

I am fantastically unbothered about this.

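The growth pattern discussed in this thread, as an added example that is not part of the original message and is not mod_ssl code: a process-lifetime table keyed by certificate fingerprint with add-once semantics stays flat when the same certificates are reloaded, grows when they are rotated, and shrinks again only if each reload frees what the current configuration no longer references. The `entry` struct, `add_cert`, `prune` and `reload` are hypothetical names, and the fingerprints are constructed 20-byte values rather than real SHA-1 digests.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define FP_LEN 20                     /* SHA-1 digest length */

typedef struct entry {                /* hypothetical stand-in for certinfo */
    unsigned char fp[FP_LEN];
    unsigned gen;                     /* last reload that referenced it */
    struct entry *next;
} entry;
static entry *table;                  /* process lifetime: survives reloads */
static unsigned cur_gen;

/* Add-once: a fingerprint already present is only re-stamped, never re-added. */
static void add_cert(unsigned id) {
    unsigned char fp[FP_LEN] = {0};
    memcpy(fp, &id, sizeof id);       /* constructed fingerprint, not real SHA-1 */
    for (entry *e = table; e; e = e->next)
        if (memcmp(e->fp, fp, FP_LEN) == 0) { e->gen = cur_gen; return; }
    entry *e = calloc(1, sizeof *e);
    if (!e) abort();
    memcpy(e->fp, fp, FP_LEN);
    e->gen = cur_gen;
    e->next = table; table = e;
}

/* Free every entry the current configuration no longer references. */
static void prune(void) {
    for (entry **pp = &table; *pp; ) {
        entry *e = *pp;
        if (e->gen == cur_gen) pp = &e->next;
        else { *pp = e->next; free(e); }
    }
}

/* One reload serving certificates first..first+n-1; returns the table size. */
static size_t reload(unsigned first, unsigned n, int do_prune) {
    size_t count = 0;
    cur_gen++;
    for (unsigned i = 0; i < n; i++) add_cert(first + i);
    if (do_prune) prune();
    for (entry *e = table; e; e = e->next) count++;
    return count;
}

int main(void) {
    reload(0, 100, 0);
    printf("same certs again:  %zu\n", reload(0, 100, 0));
    printf("rotated, no prune: %zu\n", reload(100, 100, 0));
    printf("rotated, pruned:   %zu\n", reload(200, 100, 1));
}
```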