Re: [PATCH 6/8] reconfiguration leaks: SSL certificate context cache

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Wed, 20 Aug 2014 18:50:44 -0600

On 08/20/2014 01:09 AM, Amos Jeffries wrote:
> On 20/08/2014 9:27 a.m., Alex Rousskov wrote:
>> On 06/15/2014 05:00 AM, Tsantilas Christos wrote:
>>> On 06/13/2014 10:46 PM, Alex Rousskov wrote:
>>>> On 04/25/2014 01:46 AM, Amos Jeffries wrote:
>>>>> On 25/04/2014 12:56 p.m., Alex Rousskov wrote:
>>>>>> Do not leak fake SSL certificate context cache when reconfigure
>>>>>> changes port addresses.
>>
>>>>> This requires the guarantee that all connections using the storage are
>>>>> closed right?
>>
>>
>>>> Hi Christos,
>>>>
>>>> My understanding is that deleting a cached LocalContextStorage object
>>>> does not actually affect connections that use the corresponding SSL_CTX
>>>> and certificate because any SSL object using those things increments
>>>> their sharing counter and deleting LocalContextStorage only decrements
>>>> that counter. The [cached] SSL_CTX object is not destroyed by
>>>> SSL_CTX_free until that sharing counter reaches zero. Is my
>>>> understanding flawed?
>>
>>
>>> This is true. The SSL_CTX objects are not destroyed.
>>
>>
>>
>>>> Do we have any code that stores SSL_CTX pointers for asynchronous use
>>>> (i.e., across many main loop iterations) but does not increment the
>>>> sharing counter?
>>
>>
>>> Nope.
>>> I hope I am not losing anything. In any case, if such a case is found, it
>>> should be considered a bug, and must be fixed...
>>
>>
>> Hi Amos,
>>
>> Does the above exchange resolve your concerns regarding that 6/8
>> leak patch? I have re-attached the same patch here for your convenience.
>
> It does, yes. +1.

Committed to trunk as r13537.

Thank you,

Alex.
Received on Thu Aug 21 2014 - 00:50:53 MDT
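
The reference-counting argument in the thread above, as an added example that is not part of the original message and is neither Squid nor OpenSSL code: a self-contained C model in which deleting the cache only drops the cache's own references, so a context still used by open connections survives until the last one closes. `Ctx`, `Conn`, `Cache` and `reconfigure_scenario` are hypothetical names standing in for SSL_CTX, SSL and LocalContextStorage.

```c
#include <stdlib.h>

/* Model only: Ctx stands in for SSL_CTX, Conn for SSL, Cache for
 * LocalContextStorage. None of these are OpenSSL or Squid definitions. */
typedef struct { int refs; } Ctx;
typedef struct { Ctx *ctx; } Conn;
#define SLOTS 2
typedef struct { Ctx *slot[SLOTS]; } Cache;

static int destroyed;                 /* contexts actually released */

static void *xalloc(size_t n) { void *p = malloc(n); if (!p) abort(); return p; }

static Ctx *ctx_new(void) { Ctx *c = xalloc(sizeof *c); c->refs = 1; return c; }

/* Mirrors the SSL_CTX_free behaviour described in the thread:
 * drop one reference, destroy only when the counter reaches zero. */
static void ctx_free(Ctx *c) {
    if (c && --c->refs == 0) { free(c); destroyed++; }
}

/* A connection takes its own reference for as long as it lives. */
static Conn *conn_new(Ctx *c) {
    Conn *s = xalloc(sizeof *s);
    c->refs++;
    s->ctx = c;
    return s;
}
static void conn_free(Conn *s) { ctx_free(s->ctx); free(s); }

/* Deleting the cache only gives up the cache's own references. */
static void cache_destroy(Cache *k) {
    for (int i = 0; i < SLOTS; i++) { ctx_free(k->slot[i]); k->slot[i] = NULL; }
}

/* Reconfigure while open_conns connections (at most 8) use slot 0 and
 * none use slot 1. Returns contexts destroyed right after the cache is
 * dropped; *after_close gets the count once every connection has closed. */
int reconfigure_scenario(int open_conns, int *after_close) {
    Cache cache = { { ctx_new(), ctx_new() } };
    Conn *conns[8];
    destroyed = 0;
    if (open_conns > 8) open_conns = 8;
    for (int i = 0; i < open_conns; i++) conns[i] = conn_new(cache.slot[0]);
    cache_destroy(&cache);
    int at_drop = destroyed;
    for (int i = 0; i < open_conns; i++) conn_free(conns[i]);
    *after_close = destroyed;
    return at_drop;
}
```

A holder that kept a `Ctx` pointer across the cache deletion without taking its own reference would break this invariant, which is the case the thread says should be treated as a bug.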
