DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=29690>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=29690 allocator_free() crashes because of NULL-Pointer inside SSL_smart_shutdown() ------- Additional Comments From [EMAIL PROTECTED] 2004-06-19 23:26 ------- Possible workaround found: Make SSL shutdown a quiet one. Changed ssl_util_ssl.c, added 'ssl->quiet_shutdown = 1;' before OpenSSL's SSL_shutdown() is called: int SSL_smart_shutdown(SSL *ssl) { int i; int rc; /* * Repeat the calls, because SSL_shutdown internally dispatches through a * little state machine. Usually only one or two interation should be * needed, so we restrict the total number of restrictions in order to * avoid process hangs in case the client played bad with the socket * connection and OpenSSL cannot recognize it. */ rc = 0; ssl->quiet_shutdown = 1; for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) { if ((rc = SSL_shutdown(ssl))) break; } return rc; } This removes the error completely, however I am not 100% sure about security issues (when does the client not get an abort notification, and when is that dangerous?) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
