Changeset a2368a4 in mod_gnutls

Timestamp:

Nov 20, 2015, 7:44:24 PM (3 years ago)

Author:

Thomas Klute <thomas2.klute@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, master, upstream

Children:

73b0bf0

Parents:

2ceb836

Message:

Use TLS session cleanup hook for all connection pools

If a TLS session hasn't been terminated by the time Apache releases
the resources of the associated connection, this hook ensures the
session is deinitialized properly. With this change, the hook is used
for all connections, not just proxy connections as before.

Note that the cleanup hook is just a second line of defense against
memory leaks. The I/O filter functions should close TLS sessions on
EOF, and cleanup_gnutls_session will log a warning if it has to close
a session.

File:

• src/gnutls_hooks.c (modified) (2 diffs)

src/gnutls_hooks.c

@@ -781 +781 @@
                           "gnutls_session_ticket_enable_client failed: %s (%d)",
                           gnutls_strerror(err), err);
-        /* Try to close and deinit the session when the connection
-         * pool is cleared. Note that mod_proxy might not close
-         * connections immediately, if you need that, look at the
-         * "proxy-nokeepalive" environment variable for
-         * mod_proxy_http. */
-        apr_pool_pre_cleanup_register(c->pool, ctxt, cleanup_gnutls_session);
     }
     else
@@ -806 +800 @@
         }
     }
+
+    /* Ensure TLS session resources are released when the connection
+     * pool is cleared, if the filters haven't done that already. */
+    apr_pool_pre_cleanup_register(c->pool, ctxt, cleanup_gnutls_session);
 
     /* Set Default Priority */