Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wolfSSL: Fix session management bug. #9492

Closed
wants to merge 1 commit into from

Conversation

haydenroche5
Copy link
Contributor

Prior to this commit, non-persistent pointers were being used to store sessions. When a WOLFSSL object was then freed, that freed the session it owned, and thus invalidated the pointer held in curl's cache. This commit makes it so we get a persistent (deep copied) session pointer that we then add to the cache. Accordingly, wolfssl_session_free, which was previously a no-op, now needs to actually call SSL_SESSION_free.

This bug was discovered by a wolfSSL customer.

Prior to this commit, non-persistent pointers were being used to store sessions.
When a WOLFSSL object was then freed, that freed the session it owned, and
thus invalidated the pointer held in curl's cache. This commit makes it so we
get a persistent (deep copied) session pointer that we then add to the cache.
Accordingly, wolfssl_session_free, which was previously a no-op, now needs to
actually call SSL_SESSION_free.

This bug was discovered by a wolfSSL customer.
@bagder
Copy link
Member

bagder commented Sep 13, 2022

Thanks!

@bagder bagder closed this in d797339 Sep 13, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

Successfully merging this pull request may close these issues.

2 participants