https://issues.apache.org/bugzilla/show_bug.cgi?id=54357
--- Comment #31 from Alex Bligh <[email protected]> --- (In reply to Kaspar Brand from comment #30) > Created attachment 32053 [details] > Patch v7 - store stapling certinfo in a global hash, based on work by Alex > Bligh > > Hmm, ok, so after another closer look, I think I found another issue with > the existing code, actually: IINM, with the current certinfo_free code, we > actually leak the OCSP_CERTID stored cinf->cid (which gets allocated by > OCSP_cert_to_id). > > I came to this conclusion when I was restructuring ssl_stapling_init_cert() > a bit more, and am attaching my current version. I did some limited > "real-world" testing, but more testing and further reviews are welcome and > appreciated, of course. Ah yes. Your v7 is still leaking it on server restart. Whilst we could put in some form of pool handler, that is rather tiresome and I worry about lifetime issues. I had been trying to keep SSL objects out of the cert_info structure. Do we need something like: apr_pool_cleanup_register(p, cid, OCSP_CERTID_free, apr_pool_cleanup_null); in there? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
