[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS client certificates and memory use

To: Philip Guenther <guenther+ldapsoft@sendmail.com>, David Hawes <dhawes@vt.edu>
Subject: Re: TLS client certificates and memory use
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Thu, 04 Dec 2008 18:27:53 -0800
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <alpine.BSO.1.10.0812041727230.16761@vanye.sendmail.com>
References: <492C9754.2060700@vt.edu> <90DB5BC1326E6D629F63FFAA@[192.168.1.199]> <492CDC80.3080805@vt.edu> <49355E47.4000205@vt.edu> <49386C22.5040405@vt.edu> <alpine.BSO.1.10.0812041727230.16761@vanye.sendmail.com>

--On Thursday, December 04, 2008 5:47 PM -0800 Philip Guenther <guenther+ldapsoft@sendmail.com> wrote:

In 2.4.x, tls_get_cert_dn() leaks a reference to the client's X509 cert:
the call to SSL_get_peer_certificate() in tls_get_cert() increments the
reference count on the cert and it never gets decremented by a call to
X509_free().  Simply adding the call there might not be safe, depending
on  whether the berval that tls_get_cert_dn() sets up relies on the
underlying  X509 to stay valid for longer than this chain of calls, as
the X509 may be  invalidated by a rehandshake.


File an ITS please. :)

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- Re: TLS client certificates and memory use
  - From: David Hawes <dhawes@vt.edu>
- Re: TLS client certificates and memory use
  - From: David Hawes <dhawes@vt.edu>
- Re: TLS client certificates and memory use
  - From: Philip Guenther <guenther+ldapsoft@sendmail.com>

Prev by Date: Re: TLS client certificates and memory use
Next by Date: slapo-memberof and posixGroup / posixAccount
Index(es):
- Chronological
- Thread