Posted to dev@httpd.apache.org by Plüm, Rüdiger, Vodafone Group <ru...@vodafone.com> on 2018/07/02 08:12:40 UTC
AW: svn commit: r1682074 - in /httpd/httpd/branches/2.4.x: ./ STATUS modules/ssl/ssl_engine_init.c
> -----Original Message-----
> From: Christophe Jaillet <ch...@wanadoo.fr>
> Sent: Saturday, 30 June 2018 14:08
> To: dev@httpd.apache.org
> Subject: Re: svn commit: r1682074 - in /httpd/httpd/branches/2.4.x: ./ STATUS modules/ssl/ssl_engine_init.c
>
> On 27/05/2015 at 18:33, wrowe@apache.org wrote:
> > Author: wrowe
> > Date: Wed May 27 16:33:10 2015
> > New Revision: 1682074
> >
> > URL: http://svn.apache.org/r1682074
> > Log:
> > mod_ssl: fix small memory leak in ssl_init_server_certs when ECDH is used.
> > SSL_CTX_set_tmp_ecdh increases reference count, so we have to call
> > EC_KEY_free, otherwise eckey will not be freed.
> >
> > Backports: r1666363
> > Author: jkaluza
> > Reviewed by: rjung, ylavic, wrowe
> >
>
> Hi,
>
> This backport looks incomplete.
>
> In the original patch (r1666363) we have:
> @@ -1151,10 +1151,11 @@
> #if defined(SSL_CTX_set_ecdh_auto)
> SSL_CTX_set_ecdh_auto(mctx->ssl_ctx, 1);
> #else
> - SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx,
> -
> EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
> + eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
> + SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
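Review bot: In the #else branch, the result of EC_KEY_new_by_curve_name(NID_X9_62_prime256v1) is stored in eckey and passed straight to SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey) with no NULL check, so a failed allocation goes unnoticed at this point; consider testing eckey before the call and logging the failure. The quoted lines also end before any EC_KEY_free(eckey), and the fix described in the log message only works when that free is paired with this assignment, so the backport needs both. Since eckey is assigned only on the #else path, a free placed outside it requires eckey to be initialised to NULL at its declaration.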
> which is not in the backported code. (neither in the .patch file, nor in
> the backport itself)
>
> Was it intentional or should the missing part be also backported?
> My feeling is that it should be merged.
I agree that this part should be merged as well.
Regards
Rüdiger