Posted to dev@httpd.apache.org by jean-frederic clere <jf...@gmail.com> on 2016/01/06 12:28:49 UTC

Re: Weird behaviour with mod_ssl and SSLCryptoDevice

On 12/15/2015 03:16 PM, Jan Kaluža wrote:
> On 12/15/2015 02:16 PM, Yann Ylavic wrote:
>> Hi Jan,
>>
>> On Tue, Dec 15, 2015 at 12:51 PM, Jan Kaluža <jk...@redhat.com> wrote:
>>>
>>> I think I've just fixed that in <http://svn.apache.org/r1720129>. I will
>>> also propose that for 2.4.x and 2.2.x.
>>
>> Shouldn't we do the same for ecparams below?
> 
> Probably yes, I was just checking the arguments which get passed to
> "SSL_CTX_set_*" functions. I think you are right we should call
> EC_GROUP_free there.

According to my tests with trunk there is still a problem, the
ENGINE_cleanup() doesn't finish the engines, I have tried to use
CRYPTO_mem_leaks_fp() to find the leak but there are too many of them to
find where we miss a "free()".

Any idea on the topic?

Cheers

Jean-Frederic

Re: Weird behaviour with mod_ssl and SSLCryptoDevice

Posted by jean-frederic clere <jf...@gmail.com>.
On 01/06/2016 01:17 PM, Yann Ylavic wrote:
> On Wed, Jan 6, 2016 at 12:28 PM, jean-frederic clere <jf...@gmail.com> wrote:
>> On 12/15/2015 03:16 PM, Jan Kaluža wrote:
>>> On 12/15/2015 02:16 PM, Yann Ylavic wrote:
>>>> Hi Jan,
>>>>
>>>> On Tue, Dec 15, 2015 at 12:51 PM, Jan Kaluža <jk...@redhat.com> wrote:
>>>>>
>>>>> I think I've just fixed that in <http://svn.apache.org/r1720129>. I will
>>>>> also propose that for 2.4.x and 2.2.x.
>>>>
>>>> Shouldn't we do the same for ecparams below?
>>>
>>> Probably yes, I was just checking the arguments which get passed to
>>> "SSL_CTX_set_*" functions. I think you are right we should call
>>> EC_GROUP_free there.
>>
>> According to my tests with trunk there is still a problem, the
>> ENGINE_cleanup() doesn't finish the engines, I have tried to use
>> CRYPTO_mem_leaks_fp() to find the leak but there are too many of them to
>> find where we miss a "free()".
>>
>> Any idea on the topic?
> 
> I just committed (r1723295) a fix for the leak mentioned above.

It doesn't help :-(

> Do you also use some custom ecparams in the certificate file?

No, the core also happens without any parameter in the certificate file.

Cheers

Jean-Frederic

Re: Weird behaviour with mod_ssl and SSLCryptoDevice

Posted by Yann Ylavic <yl...@gmail.com>.
On Wed, Jan 6, 2016 at 12:28 PM, jean-frederic clere <jf...@gmail.com> wrote:
> On 12/15/2015 03:16 PM, Jan Kaluža wrote:
>> On 12/15/2015 02:16 PM, Yann Ylavic wrote:
>>> Hi Jan,
>>>
>>> On Tue, Dec 15, 2015 at 12:51 PM, Jan Kaluža <jk...@redhat.com> wrote:
>>>>
>>>> I think I've just fixed that in <http://svn.apache.org/r1720129>. I will
>>>> also propose that for 2.4.x and 2.2.x.
>>>
>>> Shouldn't we do the same for ecparams below?
>>
>> Probably yes, I was just checking the arguments which get passed to
>> "SSL_CTX_set_*" functions. I think you are right we should call
>> EC_GROUP_free there.
>
> According to my tests with trunk there is still a problem, the
> ENGINE_cleanup() doesn't finish the engines, I have tried to use
> CRYPTO_mem_leaks_fp() to find the leak but there are too many of them to
> find where we miss a "free()".
>
> Any idea on the topic?

I just committed (r1723295) a fix for the leak mentioned above.
Do you also use some custom ecparams in the certificate file?

Regards,
Yann.