Fix remote resources download while hosting SSL site on Apache
As reported by Christian Folin and Walter Hop on our dev mailing list, Apache mod_ssl was failing if a remote resource was utilized. That was happening because Curl clean up was also cleaning up the OpenSSL data used by mod_ssl. This patch moves Curl initialization to happens while ModSecurity is initialized.
This commit is contained in:
Felipe Zimmerle
Родитель
23823bb2c3
Коммит
87a401af05
5
CHANGES
5
CHANGES
|
|
@ -1,6 +1,11 @@
|
|||
DD mmm YYYY - 2.9.????? (To be released)
|
||||
-----------------------
|
||||
|
||||
* Remote resources loading process is now failing in case of HTTP error.
|
||||
[Walter Hop and ModSecurity team]
|
||||
* Fixed start up crash on Apache with mod_ssl configured. Crash was happening
|
||||
during the download of remote resources.
|
||||
[Christian Folini, Walter Hop and ModSecurity team]
|
||||
* Curl is not a mandatory dependency to ModSecurity core anymore.
|
||||
[Rainer Jung and ModSecurity team]
|
||||
|
||||
|
|
|
|||
|
|
@ -23,6 +23,10 @@
|
|||
#include "msc_xml.h"
|
||||
#include "apr_version.h"
|
||||
|
||||
#ifdef WITH_CURL
|
||||
#include <curl/curl.h>
|
||||
#endif
|
||||
|
||||
unsigned long int DSOLOCAL unicode_codepage = 0;
|
||||
|
||||
int DSOLOCAL *unicode_map_table = NULL;
|
||||
|
|
@ -118,6 +122,16 @@ msc_engine *modsecurity_create(apr_pool_t *mp, int processing_mode) {
|
|||
int modsecurity_init(msc_engine *msce, apr_pool_t *mp) {
|
||||
apr_status_t rc;
|
||||
|
||||
/**
|
||||
* Notice that curl is initialized here but never cleaned up. First version
|
||||
* of this implementation curl was initialized and cleaned for every
|
||||
* utilization. Turns out that it was not only cleaning stuff that was
|
||||
* utilized by Curl but also other OpenSSL stuff that was utilized by
|
||||
* mod_ssl leading the SSL support to crash.
|
||||
*/
|
||||
#ifdef WITH_CURL
|
||||
curl_global_init(CURL_GLOBAL_ALL);
|
||||
#endif
|
||||
/* Serial audit log mutext */
|
||||
rc = apr_global_mutex_create(&msce->auditlog_lock, NULL, APR_LOCK_DEFAULT, mp);
|
||||
if (rc != APR_SUCCESS) {
|
||||
|
|
|
|||
|
|
@ -258,7 +258,6 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
|
|||
|
||||
apr_id = apr_psprintf(mp, "ModSec-unique-id: %s", id);
|
||||
|
||||
curl_global_init(CURL_GLOBAL_ALL);
|
||||
curl = curl_easy_init();
|
||||
|
||||
beacon_str_len = msc_beacon_string(NULL, 0);
|
||||
|
|
@ -348,7 +347,6 @@ int msc_remote_download_content(apr_pool_t *mp, const char *uri, const char *key
|
|||
|
||||
curl_easy_cleanup(curl);
|
||||
|
||||
curl_global_cleanup();
|
||||
return 0;
|
||||
#else
|
||||
return -3;
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче