[stunnel-users] Segfault after connecting
MichaĆ Trojnara
Michal.Trojnara at stunnel.org
Fri Feb 24 07:47:04 CET 2017
On 23.02.2017 23:33, Andrew Culver wrote:
> Tried 5.41b3 and it's no longer segfaulting. I'll keep an eye out for
> 5.41 stable. Here's the debug log if it should help Peter with his
> workaround:
I think the proper course of action would be to check whether this
change of OpenSSL's behavior was intentional, and submit a bug report
(or propose a fix) if it wasn't. Implementing a workaround in stunnel
may potentially cause a memory leak.
Peter: Please let me know if you need my help.
The workaround proposed by Peter (with my small improvement) is:
diff --git a/src/ctx.c b/src/ctx.c
index 9f12ded..c4ef866 100644
--- a/src/ctx.c
+++ b/src/ctx.c
@@ -911,7 +911,10 @@ NOEXPORT void sess_remove_cb(SSL_CTX *ctx,
SSL_SESSION *sess) {
opt=SSL_CTX_get_ex_data(ctx, index_opt);
if(opt->option.sessiond)
cache_remove(ctx, sess);
+#if OPENSSL_VERSION_NUMBER<0x10100000L
+ /* OpenSSL before 1.1.0 does not free the session automatically */
SSL_SESSION_free(sess);
+#endif
}
Best regards,
Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20170224/c7ee058d/attachment.sig>
More information about the stunnel-users
mailing list