On 23.02.2017 23:33, Andrew Culver wrote:
> Tried 5.41b3 and it's no longer segfaulting. I'll keep an eye out for
> 5.41 stable. Here's the debug log if it should help Peter with his
> workaround:

I think the proper course of action would be to check whether this
change of OpenSSL's behavior was intentional, and submit a bug report
(or propose a fix) if it wasn't. Implementing a workaround in stunnel
may potentially cause a memory leak.
Peter: Please let me know if you need my help.
The workaround proposed by Peter (with my small improvement) is:
diff --git a/src/ctx.c b/src/ctx.c
index 9f12ded..c4ef866 100644
--- a/src/ctx.c
+++ b/src/ctx.c
@@ -911,7 +911,10 @@ NOEXPORT void sess_remove_cb(SSL_CTX *ctx,
SSL_SESSION *sess) {
opt=SSL_CTX_get_ex_data(ctx, index_opt);
if(opt->option.sessiond)
cache_remove(ctx, sess);
+#if OPENSSL_VERSION_NUMBER<0x10100000L
+ /* OpenSSL before 1.1.0 does not free the session automatically */
SSL_SESSION_free(sess);
+#endif
}
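Review bot: The comment added under `#if OPENSSL_VERSION_NUMBER<0x10100000L` in sess_remove_cb states as settled fact that OpenSSL 1.1.0 and later free the session themselves, while the message above says it is still unknown whether that change in OpenSSL was intentional. If upstream treats it as a bug and restores the earlier behaviour in a later 1.1.x release, the guarded `SSL_SESSION_free(sess);` will be compiled out and every removed session will leak, which is the memory-leak risk the message already raises. Suggest rewording the comment to say this is a workaround for an observed behaviour change pending confirmation from OpenSSL, and revisiting the version bound once upstream has answered.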
Best regards,
Mike
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
