From: Yann Ylavic Date: Wed, 1 Feb 2017 21:23:17 +0000 (+0000) Subject: mod_ssl: follow up to r1781187. X-Git-Tag: 2.5.0-alpha~712 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c98a1699b0e8e71b5a8ef53889d4107f615a4f70;p=apache mod_ssl: follow up to r1781187. Address SSL_CTX leak in (merged) proxy_ctx. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1781312 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index 7cc21138bd..f1be77aefe 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -98,6 +98,14 @@ BOOL ssl_config_global_isfixed(SSLModConfigRec *mc) ** _________________________________________________________________ */ +#ifdef HAVE_SSL_CONF_CMD +static apr_status_t modssl_ctx_config_cleanup(void *ctx) +{ + SSL_CONF_CTX_free(ctx); + return APR_SUCCESS; +} +#endif + static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p) { mctx->sc = NULL; /* set during module init */ @@ -157,6 +165,9 @@ static void modssl_ctx_init(modssl_ctx_t *mctx, apr_pool_t *p) #endif #ifdef HAVE_SSL_CONF_CMD mctx->ssl_ctx_config = SSL_CONF_CTX_new(); + apr_pool_cleanup_register(p, mctx->ssl_ctx_config, + modssl_ctx_config_cleanup, + apr_pool_cleanup_null); SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_FILE); SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_SERVER); SSL_CONF_CTX_set_flags(mctx->ssl_ctx_config, SSL_CONF_FLAG_CERTIFICATE); diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index ea1dede138..4a8f11a79b 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -1685,7 +1685,6 @@ static apr_status_t ssl_init_server_ctx(server_rec *s, ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); return ssl_die(s); } - SSL_CONF_CTX_free(cctx); #endif if (SSL_CTX_check_private_key(sc->server->ssl_ctx) != 1) {