Fast session resumption segfault
Phil Mayers
p.mayers at imperial.ac.uk
Thu Oct 20 22:15:21 CEST 2011
On 10/20/2011 07:18 PM, Phil Mayers wrote:
> Quite how we solve it I don't know... I'm going to (shudder) look at the
> OpenSSL source to see if it does any locking around session objects; I
> just don't see from the API how you can used the get/set_ex_data
> functions safely in a threaded environment!
>
Oh dear oh dear oh dear...
So - it turns out the session callbacks that we set with:
SSL_CTX_sess_set_{new,get,remove}_cb
...are not in fact called when you would think. In particular, the
"remove" callback is NOT called when the session refcount==0. It is
called when it's removed from the list of "will accept a resume". The
actual session object refcount can go to zero at a later time, so
freeing the "ex_data" in the "remove" callback is definitely the wrong
thing to do.
It gets worse: OpenSSL does provide a way to register
create/duplicate/delete callbacks for "ex_data" objects that will be
called at the proper time; but the API is extremely verbose and AFAICT
largely undocumented. But to remove the cached VPs, that's what we would
need to do.
Sigh. It's like they were deliberately trying to make life difficult...
More information about the Freeradius-Devel
mailing list