Upstream tarball 2.2.9upstream/2.2.9

author: Stefan Fritsch <sf@sfritsch.de> 2011-12-27 19:42:22 +0100
committer: Stefan Fritsch <sf@sfritsch.de> 2011-12-27 19:42:22 +0100
commit: 0268977037115539ad65a26e858aa0df8d18cd13 (patch)
tree: f761b541b04d08b75e32efc6c293111c61a8b79c /modules/ssl/mod_ssl.c
parent: 9e615cb6aa4afcee97f8a1646e5a586261a7b81f (diff)
download: apache2-0268977037115539ad65a26e858aa0df8d18cd13.tar.gz
1 files changed, 6 insertions, 5 deletions
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 01d5b43b..ff690167 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -227,17 +227,18 @@ static apr_status_t ssl_cleanup_pre_config(void *data)
 #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
     ENGINE_cleanup();
 #endif
-#ifdef HAVE_OPENSSL
-#if OPENSSL_VERSION_NUMBER >= 0x00907001
-    CRYPTO_cleanup_all_ex_data();
-#endif
-#endif
     ERR_remove_state(0);
 
     /* Don't call ERR_free_strings here; ERR_load_*_strings only
      * actually load the error strings once per process due to static
      * variable abuse in OpenSSL. */
 
+    /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
+     * ex_data indices may have been cached in static variables in
+     * OpenSSL; removing them may cause havoc.  Notably, with OpenSSL
+     * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which
+     * could result in a per-connection memory leak (!). */
+
     /*
      * TODO: determine somewhere we can safely shove out diagnostics
      *       (when enabled) at this late stage in the game:
author	Stefan Fritsch <sf@sfritsch.de>	2011-12-27 19:42:22 +0100
committer	Stefan Fritsch <sf@sfritsch.de>	2011-12-27 19:42:22 +0100
commit	0268977037115539ad65a26e858aa0df8d18cd13 (patch)
tree	f761b541b04d08b75e32efc6c293111c61a8b79c /modules/ssl/mod_ssl.c
parent	9e615cb6aa4afcee97f8a1646e5a586261a7b81f (diff)
download	apache2-0268977037115539ad65a26e858aa0df8d18cd13.tar.gz