Hello,
On Fri, 2018-07-13 at 10:40 +0200, Michael Menge wrote:
>
> I have been running mupdate with STARTTLS for a few years with 2.3.x
> and 2.4.x.
> It didn't crash as predictable as 3.0, but we had some instances where ...
The likely reason, why it hasn't crashеа as predictable is, that
out of curiosity, why is mupdate multi-threaded in the first place?
I asked around last week but it seems like that answer has been lost to
history. It was added a long time ago, so it might have been a "threads
are cheaper than processes" decision. The initial commit for
imap/mupdate.c
Hi Michael,
On Fri, Jul 13, 2018, at 6:40 PM, Michael Menge wrote:
> Hi Ellie
>
> thanks for your replies,
>
> Quoting ellie timoney :
>
> > From what I'm seeing here, it looks like mupdate calls
> > tls_init_serverengine() for each new STARTTLS session, and then
> > calls
Hi Ellie
thanks for your replies,
Quoting ellie timoney :
From what I'm seeing here, it looks like mupdate calls
tls_init_serverengine() for each new STARTTLS session, and then
calls tls_shutdown_serverengine() when that session ends.
The thing is though, the TLS state that these
>From what I'm seeing here, it looks like mupdate calls tls_init_serverengine()
>for each new STARTTLS session, and then calls tls_shutdown_serverengine()
>when that session ends.
The thing is though, the TLS state that these functions manage is something
like a singleton, it should only
I'm still digging, but if you amend your log patch to also NULL out dh_params
after it frees it, that would at least prevent it trying to free it over and
over:
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
-if (dh_params) DH_free(dh_params);
+if (dh_params) {
+
> so it seems to me that the dh_params were set once on startup but
> freed for each closed connection
Yikes :o
On Thu, Jul 12, 2018, at 7:09 PM, Michael Menge wrote:
> Hi,
>
> Дилян had suggested to add some debug outputs to imap/tls.c
>
>
>
> diff --git a/imap/tls.c b/imap/tls.c
Hi,
Дилян had suggested to add some debug outputs to imap/tls.c
diff --git a/imap/tls.c b/imap/tls.c
--- a/imap/tls.c
+++ b/imap/tls.c
@@ -893,7 +893,9 @@ EXPORTED int tls_init_serverengine(const char *ident,
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
/* Load DH params for
Hello Michael,
this is likely either a memory mishandling issue (use after free(),
double free(), invalid read()/write()...), which gets evident if cyrus
is run under valgrind --tool=memcheck. I run it with
valgrind --num-callers=30 --leak-check=full --track-origins=yes --read-
var-info=yes