On 06/15/2014 05:00 AM, Tsantilas Christos wrote: > On 06/13/2014 10:46 PM, Alex Rousskov wrote: >> On 04/25/2014 01:46 AM, Amos Jeffries wrote: >>> On 25/04/2014 12:56 p.m., Alex Rousskov wrote: >>>> Do not leak fake SSL certificate context cache when reconfigure >>>> changes port addresses.
>>> This requires the guarantee that all connections using the storage are >>> closed right? >> Hi Christos, >> >> My understanding is that deleting a cached LocalContextStorage object >> does not actually affect connections that use the corresponding SSL_CTX >> and certificate because any SSL object using those things increments >> their sharing counter and deleting LocalContextStorage only decrements >> that counter. The [cached] SSL_CTX object is not destroyed by >> SSL_CTX_free until that sharing counter reaches zero. Is my >> understanding flawed? > This is true. The SSL_CTX objects are not destroyed. >> Do we have any code that stores SSL_CTX pointers for asyncrhonous use >> (i.e., across many main loop iterations) but does not increment the >> sharing counter? > Nope. > I hope I am not loosing anything. In any case if such case found it > should be considered as bug, and must fixed... Hi Amos, Does the above exchange resolve your concerns regarding that 6/8 leak patch? I have re-attached the same patch here for your convenience. Thank you, Alex.
Do not leak fake SSL certificate context cache when reconfigure changes port addresses. === modified file 'src/ssl/context_storage.cc' --- src/ssl/context_storage.cc 2014-03-30 12:00:34 +0000 +++ src/ssl/context_storage.cc 2014-04-24 20:35:45 +0000 @@ -73,36 +73,37 @@ Ssl::LocalContextStorage *Ssl::GlobalCon return NULL; else return i->second; } void Ssl::GlobalContextStorage::reconfigureStart() { configureStorage.clear(); reconfiguring = true; } void Ssl::GlobalContextStorage::reconfigureFinish() { if (reconfiguring) { reconfiguring = false; // remove or change old local storages. for (std::map<Ip::Address, LocalContextStorage *>::iterator i = storage.begin(); i != storage.end(); ++i) { std::map<Ip::Address, size_t>::iterator conf_i = configureStorage.find(i->first); if (conf_i == configureStorage.end() || conf_i->second <= 0) { + delete i->second; storage.erase(i); } else { i->second->setMemLimit(conf_i->second); } } // add new local storages. for (std::map<Ip::Address, size_t>::iterator conf_i = configureStorage.begin(); conf_i != configureStorage.end(); ++conf_i ) { if (storage.find(conf_i->first) == storage.end() && conf_i->second > 0) { storage.insert(std::pair<Ip::Address, LocalContextStorage *>(conf_i->first, new LocalContextStorage(-1, conf_i->second))); } } } } Ssl::GlobalContextStorage Ssl::TheGlobalContextStorage;