
patch for memory leak using openssl (Re: Memory leak or stored info)

Bryan Stansell bryan@conserver.com
Sun, 23 Feb 2003 20:19:23 -0800 (PST)


On Thu, Feb 13, 2003 at 07:13:44PM -0800, Bryan Stansell wrote:
> i'm going to focus on looking at the memory leaks and see if i can't
> track some of this down.

good news folks!  i've tracked down the memory leaks when using the
openssl library.  the good news is that it's all inside the conserver
code, and just in main.c.  i've attached a patch based on 7.2.5, but
you should be able to put the code changes in 7.2.4 as well (or perhaps
patch will just drop it in - haven't checked).

i'm still looking into the PAM leaks...hopefully i'll find something
soon (been looking, but haven't tracked it down).

Bryan
*** main.c.orig	Wed Jan  8 17:19:03 2003
--- main.c	Sun Feb 23 20:02:09 2003
***************
*** 80,85 ****
--- 80,89 ----
  SSL_CTX *ctx = (SSL_CTX *) 0;
  int fReqEncryption = 1;
  char *pcCredFile = (char *)0;
+ DH *dh512 = (DH *)0;
+ DH *dh1024 = (DH *)0;
+ DH *dh2048 = (DH *)0;
+ DH *dh4096 = (DH *)0;
  
  DH *
  #if USE_ANSI_PROTO
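Review bot: the four new pointers (`DH *dh512 = (DH *)0;` and its three siblings) are declared at file scope without `static`, so they become global symbols even though the message says the fix lives entirely in main.c. If no other file needs them, declare them `static`, and add a one-line comment that they cache the parameters handed out by the temporary-DH callback, so a later reader does not free or reassign them.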
***************
*** 291,303 ****
  {
      switch (keylength) {
  	case 512:
! 	    return get_dh512();
  	case 1024:
! 	    return get_dh1024();
  	case 2048:
! 	    return get_dh2048();
  	default:
! 	    return get_dh4096();
      }
  }
  
--- 295,315 ----
  {
      switch (keylength) {
  	case 512:
! 	    if (dh512 == (DH *)0)
! 		dh512 = get_dh512();
! 	    return dh512;
  	case 1024:
! 	    if (dh1024 == (DH *)0)
! 		dh1024 = get_dh1024();
! 	    return dh1024;
  	case 2048:
! 	    if (dh2048 == (DH *)0)
! 		dh2048 = get_dh2048();
! 	    return dh2048;
  	default:
! 	    if (dh4096 == (DH *)0)
! 		dh4096 = get_dh4096();
! 	    return dh4096;
      }
  }
  
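Review bot: in the rewritten switch, every case repeats the same check-then-assign pattern and nothing ever releases the cached pointers. That is acceptable for values kept for the life of the process, but it deserves a comment saying so, and if the SSL state is ever torn down and rebuilt, a matching DH_free() for each pointer belongs there. Also, should a get_dhNNN() call return a null pointer, the case returns null without reporting it; an Error() call at that point, as used further down in this file, would make the failure visible.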
***************
*** 343,348 ****
--- 355,361 ----
  			 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
  			 SSL_MODE_AUTO_RETRY);
  	SSL_CTX_set_tmp_dh_callback(ctx, tmp_dh_callback);
+ 	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
  	if (SSL_CTX_set_cipher_list(ctx, "ALL:!LOW:!EXP:!MD5:@STRENGTH") !=
  	    1) {
  	    Error("Setting SSL cipher list failed");
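Review bot: `SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);` switches off session caching on the whole context, so every reconnecting client pays for a full handshake, including the temporary DH exchange registered on the line above it. State that trade-off in a comment next to the call, and since it is a separate change from the DH caching, give it its own line in the change notes. If resumption is wanted later, bounding the cache with SSL_CTX_sess_set_cache_size() or a shorter SSL_CTX_set_timeout() would limit memory growth without disabling it.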