View Issue Details

ID: 0005936
Project: unrealircd
View Status: public
Last Update: 2021-06-27 15:44
Reporter: syzop
Assigned To: syzop
Priority: normal
Severity: feature
Reproducibility: N/A
Status: resolved
Resolution: fixed
Target Version: 5.2.1-rc1
Fixed in Version: 5.2.1-rc1
Summary: 0005936: Make REHASH also reread TLS certs
Description: Now that OpenSSL is decent I think we can make "REHASH" also do the "REHASH -tls" stuff. Makes things less confusing for our users too.

Previously (though this may have been 15yrs ago) it resulted in memory leaks or crashes due to reference count errors in OpenSSL.
Tags: No tags attached.
3rd party modules

Activities

syzop

2021-06-27 15:44

administrator   ~0022045

https://github.com/unrealircd/unrealircd/commit/79740c4a389c6820887765b8445b49a14a25ddd9

commit 79740c4a389c6820887765b8445b49a14a25ddd9 (HEAD -> unreal52, origin/unreal52, origin/HEAD)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Sun Jun 27 15:35:53 2021 +0200

    Make "REHASH" and ./unrealircd rehash also run the same code as "REHASH -tls",
    if on OpenSSL 1.1.1 or later.
    
    We trust OpenSSL 1.1.1 and later to be good enough to handle all
    the reference counting and freeing nowadays, which is something that
    was not done correctly in (much) older OpenSSL versions, leading
    to crashes on one hand and on memory leaks on the other hand.
    
    In OpenSSL 1.1.0 and earlier we do not rehash tls on simple "REHASH",
    since that code has not been vetted. However, nobody should be
    running those old OpenSSL versions anyway, since they are out of
    official OpenSSL support.

^
I was in a bit of a dilemma on that last one. It was like an "inconsistent behavior of REHASH depending on OpenSSL version" vs "let them possibly crash" argument, I chose the former.

Issue History

Date Modified Username Field Change
2021-06-27 14:47 syzop New Issue
2021-06-27 14:47 syzop Assigned To => syzop
2021-06-27 14:47 syzop Status new => acknowledged
2021-06-27 15:44 syzop Status acknowledged => resolved
2021-06-27 15:44 syzop Resolution open => fixed
2021-06-27 15:44 syzop Fixed in Version => 5.2.1-rc1
2021-06-27 15:44 syzop Note Added: 0022045