Re: [PATCH 6/8] reconfiguration leaks: SSL certificate context cache

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 20 Aug 2014 19:09:26 +1200

On 20/08/2014 9:27 a.m., Alex Rousskov wrote:
> On 06/15/2014 05:00 AM, Tsantilas Christos wrote:
>> On 06/13/2014 10:46 PM, Alex Rousskov wrote:
>>> On 04/25/2014 01:46 AM, Amos Jeffries wrote:
>>>> On 25/04/2014 12:56 p.m., Alex Rousskov wrote:
>>>>> Do not leak fake SSL certificate context cache when reconfigure
>>>>> changes port addresses.
>
>>>> This requires the guarantee that all connections using the storage are
>>>> closed right?
>
>
>>> Hi Christos,
>>>
>>> My understanding is that deleting a cached LocalContextStorage object
>>> does not actually affect connections that use the corresponding SSL_CTX
>>> and certificate because any SSL object using those things increments
>>> their sharing counter and deleting LocalContextStorage only decrements
>>> that counter. The [cached] SSL_CTX object is not destroyed by
>>> SSL_CTX_free until that sharing counter reaches zero. Is my
>>> understanding flawed?
>
>
>> This is true. The SSL_CTX objects are not destroyed.
>
>
>
>>> Do we have any code that stores SSL_CTX pointers for asyncrhonous use
>>> (i.e., across many main loop iterations) but does not increment the
>>> sharing counter?
>
>
>> Nope.
>> I hope I am not loosing anything. In any case if such case found it
>> should be considered as bug, and must fixed...
>
>
> Hi Amos,
>
> Does the above exchange resolve your concerns regarding that 6/8
> leak patch? I have re-attached the same patch here for your convenience.

It does, yes. +1.

Amos

>
>
> Thank you,
>
> Alex.
>
>
Received on Wed Aug 20 2014 - 07:09:48 MDT

This archive was generated by hypermail 2.2.0 : Thu Aug 21 2014 - 12:00:13 MDT