httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michele Mase'" <michele.m...@gmail.com>
Subject Re: [users@httpd] Unable to fork new process
Date Thu, 26 Jan 2017 16:58:44 GMT
Ok, I've just tried the loop within apache2.4.x and I confirm it is not
affected by the error.
So, what could be the better solution?
ASAP, I plan to migrate my system on apache 2.4.x.
In the meantime it would be nice that version 2.2 was corrected.
Best Regards
Michele MAsè

On Thu, Jan 26, 2017 at 1:27 AM, Yann Ylavic <ylavic.dev@gmail.com> wrote:

> Hi,
>
> On Wed, Jan 25, 2017 at 10:33 PM, Michele Mase' <michele.mase@gmail.com>
> wrote:
> > <?php
>
> I checked restarts with valgrind on latest 2.2.x and found this fixes:
>
> Index: modules/ssl/mod_ssl.c
> ===================================================================
> --- modules/ssl/mod_ssl.c    (revision 1778094)
> +++ modules/ssl/mod_ssl.c    (working copy)
> @@ -277,7 +277,12 @@ static apr_status_t ssl_cleanup_pre_config(void *d
>      /* Don't call ERR_free_strings here; ERR_load_*_strings only
>       * actually load the error strings once per process due to static
>       * variable abuse in OpenSSL. */
> +#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)
> +    ERR_free_strings();
> +#endif
>
> +    sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
> +
>      /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
>       * ex_data indices may have been cached in static variables in
>       * OpenSSL; removing them may cause havoc.  Notably, with OpenSSL
> Index: modules/ssl/ssl_util_ssl.c
> ===================================================================
> --- modules/ssl/ssl_util_ssl.c    (revision 1778094)
> +++ modules/ssl/ssl_util_ssl.c    (working copy)
> @@ -311,6 +311,7 @@ BOOL SSL_X509_isSGC(X509 *cert)
>                      break;
>                  }
>              }
> +            EXTENDED_KEY_USAGE_free(sk);
>          }
>      }
>      return is_sgc;
> __
>
> > Tomorrow, probably i'll open a ticket with redhat.
>
> The first one (ERR_free_strings) is fixed in 2.4.x and seems to be
> backported in redhat's 2.2.* already (at least in
> "httpd-2.2.15-56.el6_8.3.src.rpm").
>
> The second one (sk_SSL_COMP_free) is nowhere, neither in httpd nor
> redhat (AFAICT) releases.
>
> The last and biggest one (EXTENDED_KEY_USAGE_free) is 2.2 code only
> (2.4 not concerned), and seems to affect both httpd-2.x and redhat's.
>
> I won't be able to verify how it affects the different openssl
> versions (hence commit anything) in the next few days, just wanted to
> notify before being away...
>
> Regards,
> Yann.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message