kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-03 19:16:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e929b2136857ffe5786d4edb21caad5a8a54a4f1
asterisk/third-party/pjproject/patches/0031-Revert-Fixed-2204-Add-OpenSSL-remote-certificate-cha.patch

85 lines
2.6 KiB
Diff
Raw Normal View History

pjproject_bundled: Revert pjproject 2.9 commits causing leaks We've found a connection re-use regression in pjproject 2.9 introduced by commit "Close #1019: Support for multiple listeners." https://trac.pjsip.org/repos/changeset/6002 https://trac.pjsip.org/repos/ticket/1019 Normally, multiple SSL requests should reuse the same connection if one already exists to the remote server. When a transport error occurs, the next request should establish a new connection and any following requests should use that same one. With this patch, when a transport error occurs, every new request creates a new connection so you can wind up with thousands of open tcp sockets, possibly exhausting file handles, and increasing memory usage. Reverting pjproject commit 6002 (and related 6021) restores the expected behavior. We also found a memory leak in SSL processing that was introduced by commit "Fixed #2204: Add OpenSSL remote certificate chain info" https://trac.pjsip.org/repos/changeset/6014 https://trac.pjsip.org/repos/ticket/2204 Apparently the remote certificate chain is continually recreated causing the leak. Reverting pjproject commit 6014 (and related 6022) restores the expected behavior. Both of these issues have been acknowledged by Teluu. ASTERISK-28521 Change-Id: I8ae7233c3ac4ec29a3b991f738e655dabcaba9f1
2019-09-19 08:50:07 -06:00
From 616a13933f33a6d74f84d85b5bfb858279a09e2d Mon Sep 17 00:00:00 2001
From: George Joseph <gjoseph@digium.com>
Date: Tue, 24 Sep 2019 06:42:04 -0600
Subject: [PATCH 31/33] Revert "Fixed #2204: Add OpenSSL remote certificate
chain info"
This reverts commit f71d60c866c4572a7c8398fe982416771fc6a7f5.
---
pjlib/src/pj/ssl_sock_ossl.c | 45 ------------------------------------
1 file changed, 45 deletions(-)
diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
index debb105b1..109c5c1e2 100644
--- a/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjlib/src/pj/ssl_sock_ossl.c
@@ -1566,41 +1566,6 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x,
}
}
-/* Update remote certificates chain info. This function should be
- * called after handshake or renegotiation successfully completed.
- */
-static void ssl_update_remote_cert_chain_info(pj_pool_t *pool,
- pj_ssl_cert_info *ci,
- STACK_OF(X509) *chain,
- pj_bool_t get_pem)
-{
- int i;
-
- ci->raw_chain.cert_raw = (pj_str_t *)pj_pool_calloc(pool,
- sk_X509_num(chain),
- sizeof(pj_str_t));
- ci->raw_chain.cnt = sk_X509_num(chain);
-
- for (i = 0; i < sk_X509_num(chain); i++) {
- BIO *bio;
- BUF_MEM *ptr;
- X509 *x = sk_X509_value(chain, i);
-
- bio = BIO_new(BIO_s_mem());
-
- if (!PEM_write_bio_X509(bio, x)) {
- PJ_LOG(3, (THIS_FILE, "Error retrieving raw certificate info"));
- ci->raw_chain.cert_raw[i].ptr = NULL;
- ci->raw_chain.cert_raw[i].slen = 0;
- } else {
- BIO_write(bio, "\0", 1);
- BIO_get_mem_ptr(bio, &ptr);
- pj_strdup2(pool, &ci->raw_chain.cert_raw[i], ptr->data );
- }
-
- BIO_free(bio);
- }
-}
/* Update local & remote certificates info. This function should be
* called after handshake or renegotiation successfully completed.
@@ -1609,7 +1574,6 @@ static void ssl_update_certs_info(pj_ssl_sock_t *ssock)
{
ossl_sock_t *ossock = (ossl_sock_t *)ssock;
X509 *x;
- STACK_OF(X509) *chain;
pj_assert(ssock->ssl_state == SSL_STATE_ESTABLISHED);
@@ -1631,15 +1595,6 @@ static void ssl_update_certs_info(pj_ssl_sock_t *ssock)
} else {
pj_bzero(&ssock->remote_cert_info, sizeof(pj_ssl_cert_info));
}
-
- chain = SSL_get_peer_cert_chain(ossock->ossl_ssl);
- if (chain) {
- ssl_update_remote_cert_chain_info(ssock->pool,
- &ssock->remote_cert_info,
- chain, PJ_TRUE);
- } else {
- ssock->remote_cert_info.raw_chain.cnt = 0;
- }
}
--
2.21.0
Reference in New Issue Copy Permalink