Ok, I've just tried the loop within apache2.4.x and I confirm it is not affected by the error. So, what could be the better solution? ASAP, I plan to migrate my system on apache 2.4.x. In the meantime it would be nice that version 2.2 was corrected. Best Regards Michele MAsè
On Thu, Jan 26, 2017 at 1:27 AM, Yann Ylavic <ylavic....@gmail.com> wrote: > Hi, > > On Wed, Jan 25, 2017 at 10:33 PM, Michele Mase' <michele.m...@gmail.com> > wrote: > > <?php > > I checked restarts with valgrind on latest 2.2.x and found this fixes: > > Index: modules/ssl/mod_ssl.c > =================================================================== > --- modules/ssl/mod_ssl.c (revision 1778094) > +++ modules/ssl/mod_ssl.c (working copy) > @@ -277,7 +277,12 @@ static apr_status_t ssl_cleanup_pre_config(void *d > /* Don't call ERR_free_strings here; ERR_load_*_strings only > * actually load the error strings once per process due to static > * variable abuse in OpenSSL. */ > +#if (OPENSSL_VERSION_NUMBER >= 0x00090805f) > + ERR_free_strings(); > +#endif > > + sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); > + > /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered > * ex_data indices may have been cached in static variables in > * OpenSSL; removing them may cause havoc. Notably, with OpenSSL > Index: modules/ssl/ssl_util_ssl.c > =================================================================== > --- modules/ssl/ssl_util_ssl.c (revision 1778094) > +++ modules/ssl/ssl_util_ssl.c (working copy) > @@ -311,6 +311,7 @@ BOOL SSL_X509_isSGC(X509 *cert) > break; > } > } > + EXTENDED_KEY_USAGE_free(sk); > } > } > return is_sgc; > __ > > > Tomorrow, probably i'll open a ticket with redhat. > > The first one (ERR_free_strings) is fixed in 2.4.x and seems to be > backported in redhat's 2.2.* already (at least in > "httpd-2.2.15-56.el6_8.3.src.rpm"). > > The second one (sk_SSL_COMP_free) is nowhere, neither in httpd nor > redhat (AFAICT) releases. > > The last and biggest one (EXTENDED_KEY_USAGE_free) is 2.2 code only > (2.4 not concerned), and seems to affect both httpd-2.x and redhat's. > > I won't be able to verify how it affects the different openssl > versions (hence commit anything) in the next few days, just wanted to > notify before being away... > > Regards, > Yann. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
