httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: [users@httpd] Unable to fork new process
Date Thu, 26 Jan 2017 00:27:54 GMT
Hi,

On Wed, Jan 25, 2017 at 10:33 PM, Michele Mase' <michele.mase@gmail.com> wrote:
> <?php

I checked restarts with valgrind on latest 2.2.x and found this fixes:

Index: modules/ssl/mod_ssl.c
===================================================================
--- modules/ssl/mod_ssl.c    (revision 1778094)
+++ modules/ssl/mod_ssl.c    (working copy)
@@ -277,7 +277,12 @@ static apr_status_t ssl_cleanup_pre_config(void *d
     /* Don't call ERR_free_strings here; ERR_load_*_strings only
      * actually load the error strings once per process due to static
      * variable abuse in OpenSSL. */
+#if (OPENSSL_VERSION_NUMBER >= 0x00090805f)
+    ERR_free_strings();
+#endif

+    sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
+
     /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
      * ex_data indices may have been cached in static variables in
      * OpenSSL; removing them may cause havoc.  Notably, with OpenSSL
Index: modules/ssl/ssl_util_ssl.c
===================================================================
--- modules/ssl/ssl_util_ssl.c    (revision 1778094)
+++ modules/ssl/ssl_util_ssl.c    (working copy)
@@ -311,6 +311,7 @@ BOOL SSL_X509_isSGC(X509 *cert)
                     break;
                 }
             }
+            EXTENDED_KEY_USAGE_free(sk);
         }
     }
     return is_sgc;
__

> Tomorrow, probably i'll open a ticket with redhat.

The first one (ERR_free_strings) is fixed in 2.4.x and seems to be
backported in redhat's 2.2.* already (at least in
"httpd-2.2.15-56.el6_8.3.src.rpm").

The second one (sk_SSL_COMP_free) is nowhere, neither in httpd nor
redhat (AFAICT) releases.

The last and biggest one (EXTENDED_KEY_USAGE_free) is 2.2 code only
(2.4 not concerned), and seems to affect both httpd-2.x and redhat's.

I won't be able to verify how it affects the different openssl
versions (hence commit anything) in the next few days, just wanted to
notify before being away...

Regards,
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message