Fast session resumption segfault
Alan DeKok
aland at deployingradius.com
Thu Oct 20 16:17:38 CEST 2011
Phil Mayers wrote:
> On 10/20/2011 01:25 PM, Alan DeKok wrote:
> I'm looking at the code for handling SSL sessions, and I'm not sure it's
> right with regards reference counting.
I have no idea...
> I'm comparing it with the code in mod_ssl, which I'm assuming is
> definitely right; in their "delete" callback, they don't call
> SSL_SESSION_free(). They also return "0" from their "new" callback,
> indicating as they say:
>
> /*
> * return 0 which means to OpenSSL that the pNew is still
> * valid and was not freed by us with SSL_SESSION_free().
> */
> return 0;
>
> Are we sure the session code is doing the right things?
It works... until you do session resumption. :(
> Of course, the crappy OpenSSL API is really, really badly documented so
> it's hard to be sure...
Yeah. It reminds me of the documentation for a graphing program I
used in university. 400 pages of documentation, and *every single*
example in it produced "syntax error" when typed in verbatim.
It takes dedication to be that incompetent.
Alan DeKok.
More information about the Freeradius-Devel
mailing list