View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005936||unreal||ircd||public||2021-06-27 14:47||2021-06-27 15:44|
|Target Version||5.2.1-rc1||Fixed in Version||5.2.1-rc1|
|Summary||0005936: Make REHASH also reread TLS certs|
|Description||Now that OpenSSL is decent I think we can make "REHASH" also do the "REHASH -tls" stuff. Makes things less confusing for our users too.|
Previously (though this may have been 15yrs ago) it resulted in memory leaks or crashes due to reference count errors in OpenSSL.
|Tags||No tags attached.|
|3rd party modules|
commit 79740c4a389c6820887765b8445b49a14a25ddd9 (HEAD -> unreal52, origin/unreal52, origin/HEAD)
Author: Bram Matthys <email@example.com>
Date: Sun Jun 27 15:35:53 2021 +0200

Make "REHASH" and ./unrealircd rehash also run the same code as "REHASH -tls",
if on OpenSSL 1.1.1 or later.

We trust OpenSSL 1.1.1 and later to be good enough to handle all
the reference counting and freeing nowadays, which is something that
was not done correctly in (much) older OpenSSL versions, leading
to crashes on one hand and memory leaks on the other hand.

In OpenSSL 1.1.0 and earlier we do not rehash tls on simple "REHASH",
since that code has not been vetted. However, nobody should be
running those old OpenSSL versions anyway, since they are out of
official OpenSSL support.
I was in a bit of a dilemma on that last one. It was like an "inconsistent behavior of REHASH depending on OpenSSL version" vs "let them possibly crash" argument, I chose the former.
|2021-06-27 14:47||syzop||New Issue|
|2021-06-27 14:47||syzop||Assigned To||=> syzop|
|2021-06-27 14:47||syzop||Status||new => acknowledged|
|2021-06-27 15:44||syzop||Status||acknowledged => resolved|
|2021-06-27 15:44||syzop||Resolution||open => fixed|
|2021-06-27 15:44||syzop||Fixed in Version||=> 5.2.1-rc1|
|2021-06-27 15:44||syzop||Note Added: 0022045|