Commit 82a20fb0 authored by Lutz Jänicke

Reorder cleanup sequence in SSL_CTX_free() to leave ex_data for remove_cb().

Submitted by:
Reviewed by:
PR: 212
parent 428112ef
+6 −0
@@ -1914,6 +1914,12 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k

 Changes between 0.9.6g and 0.9.6h  [xx XXX xxxx]

  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
     the cached sessions are flushed, as the remove_cb() might use ex_data
     contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
     (see [openssl.org #212]).
     [Geoff Thorpe, Lutz Jaenicke]

  *) Fix typo in OBJ_txt2obj which incorrectly passed the content
     length, instead of the encoding length to d2i_ASN1_OBJECT.
     [Steve Henson]
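
Review bot: The new CHANGES entry documents only the first half of the reordering. It says the ex_data is removed "after the cached sessions are flushed", but the code change also moves the freeing of the session cache itself to after the ex_data removal, and the source comment gives a separate reason for that (ex_data handling routines might touch the session cache). Suggest stating the full order here as well: flush the cache, free the ex_data, then free the cache, so that callback authors reading the changelog know the cache structure still exists while their ex_data cleanup runs.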
+14 −3
@@ -1409,13 +1409,24 @@ void SSL_CTX_free(SSL_CTX *a)
		abort(); /* ok */
		}
#endif
	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);

	/*
	 * Free internal session cache. However: the remove_cb() may reference
	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
	 * after the sessions were flushed.
	 * As the ex_data handling routines might also touch the session cache,
	 * the most secure solution seems to be: empty (flush) the cache, then
	 * free ex_data, then finally free the cache.
	 * (See ticket [openssl.org #212].)
	 */
	if (a->sessions != NULL)
		{
		SSL_CTX_flush_sessions(a,0);

	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);

	if (a->sessions != NULL)
		lh_free(a->sessions);
		}

	if (a->cert_store != NULL)
		X509_STORE_free(a->cert_store);
	if (a->cipher_list != NULL)
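
Review bot: Nothing in the new sequence guarantees the cache is still empty when `lh_free(a->sessions)` runs. The comment itself states that the ex_data handling routines "might also touch the session cache", and those routines now run between `SSL_CTX_flush_sessions(a,0)` and `lh_free(a->sessions)`. If one of them inserts an entry, the cache is freed non-empty and remove_cb() is never called for that entry. Either document in the comment that ex_data cleanup must not add sessions during teardown, or flush a second time just before `lh_free()`. Two smaller points on the same lines: the `0` passed to `SSL_CTX_flush_sessions()` deserves a word in the comment saying what it selects, and "most secure solution" would read better as "safest ordering", since the concern is use of freed ex_data rather than a security property in general.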