On 25/04/2014 12:55 p.m., Alex Rousskov wrote:
> Do not leak [SSL] objects tied to http_port and https_port on reconfigure.
>
> PortCfg objects were not destroyed at all (no delete call) and were
> incorrectly stored (excessive cbdata locking). This change adds
> destruction and removes excessive locking to allow the destructed
> object to be freed. It also cleans up forgotten(?) clientca and crlfile
> PortCfg members.
>
> This change fixes a serious leak but also carries an elevated risk:
> There is a lot of code throughout Squid that does not check the pointers
> to the objects that are now properly destroyed. It is possible that some
> of that code will crash some time after reconfigure. It is not possible
> to ensure that this does not happen without rewriting/fixing the
> offending code to use refcounting. Such a rewrite would be a relatively
> large change outside this patch scope. We may decide that it is better
> to leak than to take this additional risk.
>
> Alex.
>

-0. I have a patch moving the SSL config options into a standalone
ref-counted object. That can be polished up and references added to each
ConnStateData fairly easily.

Amos
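
The trade-off discussed in this thread (leak on reconfigure versus pointers left dangling after destruction) and the refcounting way out of it, as an added example that is not part of the original messages and is not Squid code. It uses std::shared_ptr in place of Squid's own refcounting, and the names PortSslConfig, Connection and Proxy, as well as the file names, are hypothetical.

```cpp
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for one port's SSL settings (not Squid's PortCfg).
struct PortSslConfig {
    static int alive; // live instances, so a leak or early free is observable
    std::string clientCa, crlFile;
    PortSslConfig(std::string ca, std::string crl)
        : clientCa(std::move(ca)), crlFile(std::move(crl)) { ++alive; }
    ~PortSslConfig() { --alive; }
};
int PortSslConfig::alive = 0;

// Each connection holds its own counted reference instead of a raw pointer.
struct Connection {
    std::shared_ptr<const PortSslConfig> ssl;
};

struct Proxy {
    std::shared_ptr<const PortSslConfig> current;
    std::vector<Connection> conns;

    // Reconfigure swaps in new settings; the old object is freed only
    // when the last connection that still uses it goes away.
    void reconfigure(std::string ca, std::string crl) {
        current = std::make_shared<PortSslConfig>(std::move(ca), std::move(crl));
    }
    void accept() { conns.push_back(Connection{current}); }
    void closeAll() { conns.clear(); }
};

int main() {
    Proxy p;
    p.reconfigure("old-ca.pem", "old-crl.pem"); // constructed sample values
    p.accept();
    p.reconfigure("new-ca.pem", "new-crl.pem");
    // The open connection still reads valid (old) settings: no dangling pointer.
    bool oldStillValid = p.conns[0].ssl->clientCa == "old-ca.pem";
    bool twoAlive = PortSslConfig::alive == 2;
    p.closeAll();
    // Only the current settings remain: nothing leaked.
    bool oneAlive = PortSslConfig::alive == 1;
    return (oldStillValid && twoAlive && oneAlive) ? 0 : 1;
}
```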