On 04/25/2014 02:59 AM, Amos Jeffries wrote:
> On 25/04/2014 12:55 p.m., Alex Rousskov wrote:
>> Do not leak [SSL] objects tied to http_port and https_port on reconfigure.
>>
>> PortCfg objects were not destroyed at all (no delete call) and were
>> incorrectly stored (excessive cbdata locking). This change adds
>> destruction and removes excessive locking to allow the destructed
>> object to be freed. It also cleans up forgotten(?) clientca and crlfile
>> PortCfg members.
>>
>> This change fixes a serious leak but also carries an elevated risk:
>> There is a lot of code throughout Squid that does not check the pointers
>> to the objects that are now properly destroyed. It is possible that some
>> of that code will crash some time after reconfigure. It is not possible
>> to ensure that this does not happen without rewriting/fixing the
>> offending code to use refcounting. Such a rewrite would be a relatively
>> large change outside this patch scope. We may decide that it is better
>> to leak than to take this additional risk.
>>
>> Alex.
>>
>
> -0.
>
> I have a patch moving the SSL config options into a standalone
> ref-counted object. That can be polished up and references added to each
> ConnStateData fairly easily.

Amos, what is the status of that patch? Any ETA? Do you expect your
changes to be easily portable to v3.3?

Thank you,

Alex.