mirror of
https://github.com/asterisk/asterisk.git
synced 2025-10-27 06:31:54 +00:00
8fb6cbc65e
........ r366052 | mmichelson | 2012-05-10 11:10:18 -0500 (Thu, 10 May 2012) | 7 lines Close the proper tcptls_session when session creation fails. (issue AST-998) Reported by: Thomas Arimont Tested by: Thomas Arimont ........ r367002 | mmichelson | 2012-05-18 11:53:47 -0500 (Fri, 18 May 2012) | 17 lines Fix memory leak of SSL_CTX structures in TLS core. SSL_CTX structures were allocated but never freed. This was a bigger issue for clients than servers since new SSL_CTX structures could be allocated for each connection. Servers, on the other hand, typically set up a single SSL_CTX for their lifetime. This is solved in two ways: 1. In __ssl_setup(), if a tcptls_cfg has an ssl_ctx on it, it is freed so that a new one can take its place. 2. A companion to ast_ssl_setup() called ast_ssl_teardown() has been added so that servers can properly free their SSL_CTXs. (issue ASTERISK-19278) ........ r367416 | mmichelson | 2012-05-23 15:27:47 -0500 (Wed, 23 May 2012) | 5 lines Only call SSL_CTX_free if DO_SSL is defined. Thanks to Paul Belanger for pointing out this error. ........ r369731 | mmichelson | 2012-07-06 13:40:06 -0500 (Fri, 06 Jul 2012) | 19 lines Remove a superfluous and dangerous freeing of an SSL_CTX. The problem here is that multiple server sessions share a SSL_CTX. When one session ended, the SSL_CTX would be freed and set NULL, leaving the other sessions unable to function. The code being removed is superfluous because the SSL_CTX structures for servers will be properly freed when ast_ssl_teardown is called. (closes issue ASTERISK-20074) Reported by Trevor Helmsley Patches: ASTERISK-20074.diff uploaded by Mark Michelson (license #5049) Testers: Trevor Helmsley ........ r373061 | mjordan | 2012-09-14 14:07:20 -0500 (Fri, 14 Sep 2012) | 28 lines Resolve memory leaks in TLS initialization and TLS client connections This patch resolves two sources of memory leaks when using TLS in Asterisk: 1) It removes improper initialization (and multiple re-initializations) of portions of the SSL library. Asterisk calls SSL_library_init and SSL_load_error_strings during SSL initialization; collectively this obviates the need for calling any of the following during initialization or client connection handling: * ERR_load_crypto_strings (handled by SSL_load_error_strings) * OpenSSL_add_all_algorithms (synonym for SSL_library_init) * SSLeay_add_ssl_algorithms (synonym for SSL_library_init) 2) Failure to completely clean up all memory allocated by Asterisk and by the SSL library for TLS clients. This included not freeing the SSL_CTX object in the SIP channel driver, as well as not clearing the error stack when the TLS client exited. Note that these memory leaks were found by Thomas Arimont, and this patch was essentially written by him with some minor tweaks. (closes issue AST-889) Reported by: Thomas Arimont Tested by: Thomas Arimont patches: (bugAST-889.patch) by Thomas Arimont (license 5525) Review: https://reviewboard.asterisk.org/r/2105 ........ Merged revisions 366052,367002,367416,369731,373061 from http://svn.asterisk.org/svn/asterisk/branches/1.8 git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/1.8.11@373088 65c4cc65-6c06-0410-ace0-fbb531ad65f3