Robie: removing the reference to certinfo_free where X509_get_ex_new_index is called within ssl_stapling_ex_init works around the 2.4.10 bug at the expense of a memory leak. I haven't (yet) verified this entirely fixes 2.4.7 though I suspect it will. I'll test that in a bit.
Obviously this solution is pretty foul, but is probably better than the current situation. A better solution from upstream would be welcomed. The underlying issue is that not all SSL resources are being correctly individually freed, and for various reasons the cleanup function can't be used to clean them all up. If I've understood this bug right, any apache config that uses SSL is vulnerable to a crash on startup; it just needs to be reasonably complex (sufficiently complex to cause dlopen() to choose a different memory address to load the SSL module). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1366174 Title: apache2 SEGV with multiple SSL sites To manage notifications about this bug go to: https://bugs.launchpad.net/apache2/+bug/1366174/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
