Posted to cvs@httpd.apache.org by do...@apache.org on 2002/02/28 02:30:18 UTC
cvs commit: httpd-2.0/modules/ssl mod_ssl.h ssl_engine_config.c ssl_engine_pphrase.c
dougm 02/02/27 17:30:18
Modified: modules/ssl mod_ssl.h ssl_engine_config.c
ssl_engine_pphrase.c
Log:
reuse vhost keys for asn1 tables where keys are allocated out
of s->process->pool to prevent "leaking" each time we format
a vhost key.
Revision Changes Path
1.64 +1 -0 httpd-2.0/modules/ssl/mod_ssl.h
Index: mod_ssl.h
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- mod_ssl.h 28 Feb 2002 00:28:05 -0000 1.63
+++ mod_ssl.h 28 Feb 2002 01:30:18 -0000 1.64
@@ -516,6 +516,7 @@
apr_lock_t *pMutex;
apr_array_header_t *aRandSeed;
int nScoreboardSize; /* used for builtin random seed */
+ apr_hash_t *tVHostKeys;
apr_hash_t *tTmpKeys;
void *pTmpKeys[SSL_TKPIDX_MAX];
apr_hash_t *tPublicCert;
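Review bot: The new tVHostKeys member is the only field in this run without a comment, while the neighbouring nScoreboardSize explains its purpose; a reader of the struct cannot tell that this table holds the "vhostid:an" key strings shared by the asn1 tables and that they are copied into pPool precisely so they outlive the per-restart pool. Suggest `apr_hash_t *tVHostKeys; /* "id:an" key strings reused by the asn1 tables; allocated from pPool */`. The enclosing struct definition begins and ends outside the hunk.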
1.26 +1 -0 httpd-2.0/modules/ssl/ssl_engine_config.c
Index: ssl_engine_config.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- ssl_engine_config.c 28 Feb 2002 00:28:05 -0000 1.25
+++ ssl_engine_config.c 28 Feb 2002 01:30:18 -0000 1.26
@@ -101,6 +101,7 @@
mc->szMutexFile = NULL;
mc->pMutex = NULL;
mc->aRandSeed = apr_array_make(pPool, 4, sizeof(ssl_randseed_t));
+ mc->tVHostKeys = apr_hash_make(pPool);
mc->tPrivateKey = apr_hash_make(pPool);
mc->tPublicCert = apr_hash_make(pPool);
mc->tTmpKeys = apr_hash_make(pPool);
1.18 +36 -2 httpd-2.0/modules/ssl/ssl_engine_pphrase.c
Index: ssl_engine_pphrase.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_pphrase.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- ssl_engine_pphrase.c 28 Feb 2002 00:28:05 -0000 1.17
+++ ssl_engine_pphrase.c 28 Feb 2002 01:30:18 -0000 1.18
@@ -90,6 +90,40 @@
return APR_SUCCESS;
}
+/*
+ * reuse vhost keys for asn1 tables where keys are allocated out
+ * of s->process->pool to prevent "leaking" each time we format
+ * a vhost key. since the key is stored in a table with lifetime
+ * of s->process->pool, the key needs to have the same lifetime.
+ *
+ * XXX: probably seems silly to use a hash table with keys and values
+ * being the same, but it is easier than doing a linear search
+ * and will make it easier to remove keys if needed in the future.
+ * also have the problem with apr_array_header_t that if we
+ * underestimate the number of vhost keys when we apr_array_make(),
+ * the array will get resized when we push past the initial number
+ * of elts. this resizing in the s->process->pool means "leaking"
+ * since apr_array_push() will apr_alloc arr->nalloc * 2 elts,
+ * leaving the original arr->elts to waste.
+ */
+static char *asn1_table_vhost_key(SSLModConfigRec *mc, apr_pool_t *p,
+ char *id, char *an)
+{
+ /* 'p' pool used here is cleared on restarts */
+ char *key = apr_psprintf(p, "%s:%s", id, an);
+ void *keyptr = apr_hash_get(mc->tVHostKeys, key,
+ APR_HASH_KEY_STRING);
+
+ if (!keyptr) {
+ /* make a copy out of s->process->pool */
+ keyptr = apr_pstrdup(mc->pPool, key);
+ apr_hash_set(mc->tVHostKeys, keyptr,
+ APR_HASH_KEY_STRING, keyptr);
+ }
+
+ return (char *)keyptr;
+}
+
/* _________________________________________________________________
**
** Pass Phrase and Private Key Handling
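Review bot: asn1_table_vhost_key returns the very pointer it stores as the key of mc->tVHostKeys, so the callers in the later hunks (file lines 233 and 460) now hold `cp` as an alias of a live hash key, and any later in-place write through `cp` would silently corrupt the table; `id` and `an` are likewise only read. Qualifying the inputs, `char *id, char *an` → `const char *id, const char *an`, costs nothing at the call sites, and returning `const char *` would express the aliasing too if `cp` is (or can be made) `const char *` where it is declared outside these hunks. The temporary `key` is built in `p` and used only for the apr_hash_get lookup, so it is fine for it to vanish on restart, but the two-pool dance deserves a sentence at the declaration, e.g. `/* 'key' is the lookup string only; the copy stored in the table lives in mc->pPool */`. The unsynchronized apr_hash_set on a process-wide table is presumably safe because this runs during startup/restart processing rather than per request — worth confirming, since the table is shared by all vhosts.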
@@ -199,7 +233,7 @@
* certificate is actually used to configure mod_ssl's per-server
* configuration structures).
*/
- cp = apr_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
+ cp = asn1_table_vhost_key(mc, p, cpVHostID, an);
length = i2d_X509(pX509Cert, NULL);
ucp = ssl_asn1_table_set(mc->tPublicCert, cp, length);
(void)i2d_X509(pX509Cert, &ucp); /* 2nd arg increments */
@@ -426,7 +460,7 @@
* because the SSL library uses static variables inside a
* RSA structure which do not survive DSO reloads!)
*/
- cp = apr_psprintf(mc->pPool, "%s:%s", cpVHostID, an);
+ cp = asn1_table_vhost_key(mc, p, cpVHostID, an);
length = i2d_PrivateKey(pPrivateKey, NULL);
ucp = ssl_asn1_table_set(mc->tPrivateKey, cp, length);
(void)i2d_PrivateKey(pPrivateKey, &ucp); /* 2nd arg increments */