Re: (tomcat) 04/04: Reduce changes of crash on Library shutdown with OpenSSL connections

Fri, 09 Feb 2024 01:57:54 -0800 

On 09/02/2024 09:35, Rémy Maucherat wrote:

On Thu, Feb 8, 2024 at 10:11 PM <ma...@apache.org> wrote:


This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit e19fa66b8397194f421134debb1f71b590a1f0c0
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Feb 8 18:54:45 2024 +0000

     Reduce changes of crash on Library shutdown with OpenSSL connections


Do you have a test to reproduce that sort of crash ?

I believe the FFM version is "ok" but if you have some easy procedure
to verify that it would be nice.



I could only recreate it on 9.0.x and earlier with the 
TestSSLHostConfigCompat tests.



I did wonder whether the change was necessary for 10.1.x and 11.0.x. In 
the end I opted for consistency but I'm happy to revert the 
Library.isInitialized() changes in 10.1.x onwards if that is the consensus.


Mark



Rémy


---
  .../tomcat/util/net/openssl/OpenSSLContext.java       | 19 +++++++++++--------
  1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index f1d7b092ec..12dc41455b 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -46,6 +46,7 @@ import javax.net.ssl.X509TrustManager;
  import org.apache.juli.logging.Log;
  import org.apache.juli.logging.LogFactory;
  import org.apache.tomcat.jni.CertificateVerifier;
+import org.apache.tomcat.jni.Library;
  import org.apache.tomcat.jni.Pool;
  import org.apache.tomcat.jni.SSL;
  import org.apache.tomcat.jni.SSLConf;
@@ -648,14 +649,16 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {

          @Override
          public void run() {
-            if (ctx != 0) {
-                SSLContext.free(ctx);
-            }
-            if (cctx != 0) {
-                SSLConf.free(cctx);
-            }
-            if (aprPool != 0) {
-                Pool.destroy(aprPool);
+            if (Library.isInitialized()) {
+                if (ctx != 0) {
+                    SSLContext.free(ctx);
+                }
+                if (cctx != 0) {
+                    SSLConf.free(cctx);
+                }
+                if (aprPool != 0) {
+                    Pool.destroy(aprPool);
+                }
              }
          }
      }


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org























					Reply via email to