diff options
Diffstat (limited to 'modules/ssl/mod_ssl.c')
| -rw-r--r-- | modules/ssl/mod_ssl.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 01d5b43b..ff690167 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -227,17 +227,18 @@ static apr_status_t ssl_cleanup_pre_config(void *data) #if HAVE_ENGINE_LOAD_BUILTIN_ENGINES ENGINE_cleanup(); #endif -#ifdef HAVE_OPENSSL -#if OPENSSL_VERSION_NUMBER >= 0x00907001 - CRYPTO_cleanup_all_ex_data(); -#endif -#endif ERR_remove_state(0); /* Don't call ERR_free_strings here; ERR_load_*_strings only * actually load the error strings once per process due to static * variable abuse in OpenSSL. */ + /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered + * ex_data indices may have been cached in static variables in + * OpenSSL; removing them may cause havoc. Notably, with OpenSSL + * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which + * could result in a per-connection memory leak (!). */ + /* * TODO: determine somewhere we can safely shove out diagnostics * (when enabled) at this late stage in the game: |