https://issues.apache.org/bugzilla/show_bug.cgi?id=54357
--- Comment #35 from Alex Bligh <[email protected]> --- Kaspar, > This doesn't happen, and is probably the reason you thought v7 would leak. > The SSLModConfigRec ("mc") survives restarts, and the stapling_cert_info > hash is not cleared. Put differently, we only add certinfo for a specific > certificate once in the lifetime of the process - if apr_hash_set() for > certificate X was called at startup, then it's skipped if certificate X is > encountered again in any of the additional rounds (in fact, this also the > reason I put in the TRACE1 log statement, which you'll see only once per > certificate and process lifetime when configuring "LogLevel ssl:trace1"). OK, thanks, I didn't understand that. I will have to think of a more contrived example: Imagine a server with 100 SSL Certificates, which are all changed and the SSL server reloaded once a minute. As the certs are changed, they have different SHA-1 sums. This means not only the OSCP_CERTID but also the certinfo structure leak, as nothing is ever removed from the hash. Technically on server reload we should be freeing the hash and its contents. I am fantastically unbothered about this. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
