Removing attached easy handles from OpenSSL SSL instances. Refs #10150. #10151
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
icing
commented
Dec 23, 2022
icing
commented
- keeping the "current" easy handle registered at SSL* is no longer necessary, since the "calling" data object is already stored in the cfilter's context (and used by other SSL backends from there).
- The "detach" of an easy handle that goes out of scope is then avoided.
- This could be the cause of the crash reported in 7.87.0: core dump in curl_easy_cleanup #10150.
icing
added
not-a-curl-bug
bagder
reviewed
Dec 27, 2022
lib/vtls/openssl.c
Outdated
|
|
||
| #else | ||
| /* old style, with some weird backward compat handling, | ||
| * we prefer the more controlled case above. */ |
There was a problem hiding this comment.
"old" here seems to be before 1.1.0 (according to https://www.openssl.org/docs/man1.1.1/man3/SSL_set0_rbio.html) - maybe that can be mentioned here as it might be useful at some point
There was a problem hiding this comment.
Yes, also libressl added it in some of its versions.
There was a problem hiding this comment.
Strangely, latest LibreSSL (3.7.0) has SSL_set0_rbio, but not SSL_set0_wbio. (it has this instead: BIO * SSL_get_wbio(const SSL *s);)
There was a problem hiding this comment.
That sounds very cautious of them.
…#10150. - keeping the "current" easy handle registered at SSL* is no longer necessary, since the "calling" data object is already stored in the cfilter's context (and used by other SSL backends from there). - The "detach" of an easy handle that goes out of scope is then avoided. - This could be the cause of the crash reported in curl#10150. - using SSL_set0_wbio for clear reference counting where available.
bagder
approved these changes
Dec 28, 2022
|
Thanks! |
vszakats
added a commit
to curl/curl-for-win
that referenced
this pull request
Dec 28, 2022
An upcoming curl 7.88.0 build option that is auto-detected with autotools, but not with CMake or GNU Make. Cursory tests indicate that BoringSSL and OpenSSL supports this, but not LibreSSL and wolfSSL. Untested. Ref: curl/curl@f39472e Ref: curl/curl#10151
sjadhavar
reviewed
Jan 3, 2023
| @@ -2674,7 +2644,7 @@ static void ossl_trace(int direction, int ssl_ver, int content_type, | |||
| connssl = cf->ctx; | |||
| DEBUGASSERT(connssl); | |||
| DEBUGASSERT(connssl->backend); | |||
There was a problem hiding this comment.
This can be removed I guess.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.