httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: [PATCH] Dynamic locking upcalls in mod_ssl
Date Mon, 18 Aug 2008 09:18:17 GMT
On Fri, Aug 15, 2008 at 06:33:21AM -0700, Sander Temme wrote:
>
> On Aug 15, 2008, at 12:48 AM, Plüm, Rüdiger, VF-Group wrote:
>
>> 1. Why creating a global pool for dynlockpool? Why can't this be a  
>> subpool
>>   of the pool passed to ssl_util_thread_setup?
>
> Because that's the pconf pool and gets cleared across the lifetime of  
> some of the mutexes that OpenSSL creates.  I tried, and using pconf made 
> the httpd parent hang on shutdown, in a tight loop trying to clear one of 
> its pools...

mod_ssl needs to ensure that process-global callbacks registered with 
OpenSSL will only last for the lifetime of the mod_ssl DSO.  If those 
function pointers remain stored by OpenSSL somewhere and are 
dereferenced at a point where the mod_ssl DSO is no longer loaded (e.g. 
during the startup ping-pong of DSOs), it's game over.

So generally pconf is the right pool to use, along with a cleanup 
registered against that pool which sets the callbacks to NULL.

Regards, Joe

Mime
View raw message