source: mod_gnutls/debian/patches/no-deinit-on-proxy-disable.patch @ 037760e

debian/masterdebian/stretch-backportsjessie-backports
Last change on this file since 037760e was 2db6923, checked in by Daniel Kahn Gillmor <dkg@…>, 4 years ago

refresh patches with gbp pq

  • Property mode set to 100644
File size: 1.3 KB
  • src/mod_gnutls.c

    From: Thomas Klute <thomas2.klute@uni-dortmund.de>
    Date: Wed, 21 Jan 2015 09:41:51 +0100
    Subject: Don't do global deinit when disabling TLS for a proxy back end
     connection
    
    Prior to this commit, ssl_engine_disable called mgs_cleanup_pre_config
    on the connection pool before returning:
    
    mgs_cleanup_pre_config(c->pool);
    
    mgs_cleanup_pre_config does not even touch the argument, as its
    signature shows.
    
    apr_status_t mgs_cleanup_pre_config(void *data __attribute__((unused)));
    
    It does, however, deinitialize the global session cache and, more
    importantly, the global GnuTLS data structures. Trying to use those
    deinitialized data structures led to segmentation faults during TLS
    handshake.
    
    Since there is no reason to globally deinitialize GnuTLS when disabling
    TLS for one specific proxy back end connection, the solution is to
    simply remove the call to mgs_cleanup_pre_config from
    ssl_engine_disable.
    ---
     src/mod_gnutls.c | 2 +-
     1 file changed, 1 insertion(+), 1 deletion(-)
    
    diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
    index e974ae8..760445f 100644
    a b int ssl_engine_disable(conn_rec *c) 
    100100        ap_remove_input_filter(c->input_filters);
    101101    if (c->output_filters)
    102102        ap_remove_output_filter(c->output_filters);
    103     mgs_cleanup_pre_config(c->pool);
     103
    104104    return 1;
    105105}
    106106
Note: See TracBrowser for help on using the repository browser.