[Bug 62023] Tomcat crashes when SSLprotocol value is defined

Mon, 22 Jan 2018 07:10:24 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=62023

--- Comment #7 from Coty Sutherland <csuth...@redhat.com> ---
I can reproduce this by adding any SSLHostConfig attribute to the Connector
(namely `SSLVerifyClient="optional"`). The problem here is that when using APR
and specifying Connector configuration which creates two '_default_'
SSLHostConfig objects, tomcat-native crashes without providing any indication
of what happened. That is not a great user experience :( This happens because
org.apache.tomcat.util.net.AprEndpoint.releaseSSLContext() tries to release a
zero context that tomcat-native asserts is non-zero (see tomcat-native
native/src/sslcontext.c:363). After doing some tracing, it looks like
AprEndpoint's releaseSSLContext method calls sslHostConfig.getOpenSslContext()
and sslHostConfig.getOpenSslConfContext() which always seem to return 0. Is
that correct behavior? It seems a bit buggy to me.

I was able to correct this behavior by adding two zero checks to the
releaseSSLContext method in AprEndpoint:

 629     @Override
 630     protected void releaseSSLContext(SSLHostConfig sslHostConfig) {
 631         Long ctx = sslHostConfig.getOpenSslContext();
 632         if (ctx != null && ctx != 0) {
 633             SSLContext.free(ctx.longValue());
 634             sslHostConfig.setOpenSslContext(null);
 635         }
 636         Long cctx = sslHostConfig.getOpenSslConfContext();
 637         if (cctx != null && cctx != 0) {
 638             SSLConf.free(cctx.longValue());
 639             sslHostConfig.setOpenSslConfContext(null);
 640         }
 641     }

This causes the correct behavior to occur (at least it does the same thing as
NioEndpoint and prints the endpoint.duplicateSslHostName message). I was going
to push this, but given that I'm not sure how this OpenSSLContext stuff is
supposed to work and the lack of javadocs in the new classes, I thought it best
to get someone's opinion first.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to