28 lines
1.0 KiB
Diff
28 lines
1.0 KiB
Diff
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:16:38 654118
|
|
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c 2008/05/07 14:17:31 654119
|
|
@@ -218,17 +218,18 @@
|
|
#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
|
|
ENGINE_cleanup();
|
|
#endif
|
|
-#ifdef HAVE_OPENSSL
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x00907001
|
|
- CRYPTO_cleanup_all_ex_data();
|
|
-#endif
|
|
-#endif
|
|
ERR_remove_state(0);
|
|
|
|
/* Don't call ERR_free_strings here; ERR_load_*_strings only
|
|
* actually load the error strings once per process due to static
|
|
* variable abuse in OpenSSL. */
|
|
|
|
+ /* Also don't call CRYPTO_cleanup_all_ex_data here; any registered
|
|
+ * ex_data indices may have been cached in static variables in
|
|
+ * OpenSSL; removing them may cause havoc. Notably, with OpenSSL
|
|
+ * versions >= 0.9.8f, COMP_CTX cleanups would not be run, which
|
|
+ * could result in a per-connection memory leak (!). */
|
|
+
|
|
/*
|
|
* TODO: determine somewhere we can safely shove out diagnostics
|
|
* (when enabled) at this late stage in the game:
|
|
|