httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: ssl_die() and pool cleanup
Date Sat, 23 Nov 2013 14:03:26 GMT
On Sat, Nov 23, 2013 at 8:51 AM, Kaspar Brand <httpd-dev.2013@velox.ch>wrote:

> On 23.11.2013 13:56, Jeff Trawick wrote:
> > Maybe I'm still missing something here, but it looks like we can still
> > survive some calls to ssl_die() this logic.  (I guess it doesn't make
> sense
> > to have a configuration where that could happen, but it is confusing
> > looking at the code.)  Look at the various calls to ap_die() in
> > ssl_server_import_key().  If that happens on the SSL_AIDX_RSA call, we'll
> > call it again for SSL_AIDX_DSA.  I think it is best not to continue
> after a
> > fatal error.  Also, if there is a certain type of key file and we fail
> > importing it, we'll first get the fatal error message then print the
> > AP01910 message then get another fatal error message.
>
> Ah right, I overlooked that ssl_die()s are spread all over
> ssl_server_import_{cert,key}. So one option would be to make
> ssl_server_import_{cert,key} sort of tri-state, and then explicitly
> check for APR_EGENERAL in ssl_init_server_certs and abort in this case,
> like in the attached patch?
>
> Kaspar
>

IMO it adds some future-proofing and self explanation to return early if
"(rv != APR_SUCCESS && rv != APR_NOTFOUND)" instead of just checking for
equality with APR_EGENERAL.

YMMV :)

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

Mime
View raw message