From: Christophe Jaillet Date: Sat, 29 Nov 2014 09:25:02 +0000 (+0000) Subject: Merge r1638772 from trunk X-Git-Tag: 2.4.11~142 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f56ba35613b457452a60554f641bed1a21d95841;p=apache Merge r1638772 from trunk * mod_ssl: call ERR_free_strings() with OpenSSL >= 0.9.8e. Fixes memory leak in mod_ssl on graceful restart. PR 53435. Submitted by: jkaluza Reviewed by: jkaluza, ylavic, covener Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642404 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index a6ac6d5448..aeb37317d0 100644 --- a/CHANGES +++ b/CHANGES @@ -17,6 +17,9 @@ Changes with Apache 2.4.11 request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener] + *) mod_ssl: Fix a memory leak in case of graceful restarts with OpenSSL >= 0.9.8e + PR 53435 [tadanori , Sebastian Wiedenroth ] + *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes. PR 57167 [Edward Lu ] diff --git a/STATUS b/STATUS index 766389a1d5..8ba829d821 100644 --- a/STATUS +++ b/STATUS @@ -104,12 +104,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_ssl: call ERR_free_strings() with OpenSSL >= 0.9.8e. Fixes memory - leak in mod_ssl on graceful restart. PR 53435. - trunk patch: http://svn.apache.org/r1638772 - 2.4.x patch: trunk works - +1 jkaluza, ylavic, covener - PATCHES PROPOSED TO BACKPORT FROM TRUNK: diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 316dc6504e..ac747e3aeb 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -299,9 +299,12 @@ static apr_status_t ssl_cleanup_pre_config(void *data) #endif ERR_remove_state(0); - /* Don't call ERR_free_strings here; ERR_load_*_strings only - * actually load the error strings once per process due to static + /* Don't call ERR_free_strings in earlier versions, ERR_load_*_strings only + * actually loaded the error strings once per process due to static * variable abuse in OpenSSL. */ +#if (OPENSSL_VERSION_NUMBER >= 0x00090805f) + ERR_free_strings(); +#endif /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered * ex_data indices may have been cached in static variables in