httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 56919] Creating a large number of SSL sites using DBDDriver pgsql causes a SIGSEGV / SIGILL on load
Date Wed, 10 Sep 2014 15:06:07 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=56919

--- Comment #10 from Kaspar Brand <asfbugz@velox.ch> ---
Thank you for the thorough debugging and analysis, Alex. I think it's really a
duplicate of bug 54357, and it would be best to dupe this one into it (or vice
versa).

(In reply to Alex Bligh from comment #9)
> The final option would be to rewrite the stapling code so it didn't use
> ex_data at all. To me this seems like the best route, but I don't understand
> the stapling code well enough to do it.
> 
> Is there some easier option I have missed?

One option might be to avoid ex_data fiddling in the "first round", based on a
ssl_config_global_isfixed() check - i.e., something like this (untested):

Index: ssl_engine_init.c
===================================================================
--- ssl_engine_init.c   (revision 1624017)
+++ ssl_engine_init.c   (working copy)
@@ -272,7 +272,9 @@
         return HTTP_INTERNAL_SERVER_ERROR;
     }
 #ifdef HAVE_OCSP_STAPLING
-    ssl_stapling_ex_init();
+    if (ssl_config_global_isfixed(mc) == TRUE) {
+        ssl_stapling_ex_init();
+    }
 #endif

     /*
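Review bot: The new guard around ssl_stapling_ex_init() carries no comment saying why the call is skipped until ssl_config_global_isfixed(mc) is true. Add a short comment above the if that names the first configuration pass, so the call is not later turned back into an unconditional one. Since the init no longer runs in that pass, every other piece of code that touches the stapling ex_data must carry the same guard; the other two hunks cover the certificate setup paths, and any remaining users should be checked as well.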
@@ -1067,6 +1069,7 @@
          * later, we defer to the code in ssl_init_server_ctx.
          */
         if ((mctx->stapling_enabled == TRUE) &&
+            (ssl_config_global_isfixed(mc) == TRUE) &&
             !ssl_stapling_init_cert(s, mctx, cert)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02567)
                          "Unable to configure certificate %s for stapling",
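Review bot: The added condition reads mc, while the third hunk calls myModConfig(s) for the same check, and no declaration of mc is visible in this context. Confirm that mc is in scope in this function, or use myModConfig(s) here too so both call sites read the same way. Placing the check before ssl_stapling_init_cert() is right, because the short-circuit keeps the "Unable to configure certificate %s for stapling" error from being logged when the setup is merely skipped.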
@@ -1418,7 +1421,8 @@
      * (late) point makes sure that we catch both certificates loaded
      * via SSLCertificateFile and SSLOpenSSLConfCmd Certificate.
      */
-    if (sc->server->stapling_enabled == TRUE) {
+    if ((sc->server->stapling_enabled == TRUE) &&
+        (ssl_config_global_isfixed(myModConfig(s)) == TRUE)) {
         X509 *cert;
         int i = 0;
         int ret = SSL_CTX_set_current_cert(sc->server->ssl_ctx,
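Review bot: The same ssl_config_global_isfixed() test now appears in three places, with two different ways of obtaining the module config (mc in the first two hunks, myModConfig(s) here). Consider a local mc variable in this function or a small helper that combines stapling_enabled with the isfixed check, so the three sites cannot drift apart. The comment above the if should also say that the block only runs once the global config is fixed.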


Getting rid of ex_data might be cleaner in the end, and was actually one of
Joe's questions on the dev list in October 2009:

https://mail-archives.apache.org/mod_mbox/httpd-dev/200910.mbox/%3C20091025200721.GA20714@redhat.com%3E

(see also bug 43822)
