1.3.6 Progress
This week I fixed a few more issues for the upcoming 1.3.6 release. Everything is in the 1.3.6 branch in SVN. There are a few more bugs that need to be fixed before we can release. One that’s particulary nasty is #2864380. The memory leak only occurs if client or server certificate validation is performed (Context::VERIFY_RELAXED or Context::VERIFY_STRICT). Now the strange thing is that the NetSSL code does nothing special in this case, it just affects the call to SSL_CTX_set_verify() in the Context constructor. So either the leak is in OpenSSL (which I don’t really believe), or we’re using OpenSSL in an inappropriate way. If anyone could take a look at this issue, this would be highly appreciated.
Update 2009-11-16: I found and fixed the NetSSL memory issue.
Thanks for the update!
Comment by Seth on October 31, 2009, 12:48
tried to run that test under Valgrind, but couldnt get it to work, it fails in so many ways under Linux ( client thread manages to start before server, throws exception. instert a delay and server starts throwing on socket::close because other side closed the connection etc. )
Comment by kert on November 1, 2009, 23:48
Hi,
One thing that I notice with the SSL code is that most other programs call `SSL_CTX_set_options` at some point during a context setup. This function implements various fixups(*) supplied by openssl. Might I suggest adding `SSL_CTX_set_options (_pSSLContext, SSL_OP_ALL);` into Context.cpp somewhere as soon after `SSL_CTX_new` as possible.
I’ll add more comments with any other ideas I have.
(*) info about this function and the fixups can be found here:
http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
Thanks,
Alex
Comment by Alex on November 13, 2009, 04:28