[PATCH] minor leak in StartTLS

Martin Atkins mart at degeneration.co.uk
Thu Mar 6 18:18:58 UTC 2008

Jacob Burkhart wrote:
> I didn't realize it was possible to have multiple VHosts.  Is it 
> possible to have multiple certs too?
> http://code.sixapart.com/trac/djabberd/browser/trunk/djabberd.conf
> The example config shows the certs being configred at the top level 
> (outside the context of the VHost), so I assumed it was not possible to 
> have more than one set of certs.  I'll look into it more...

Actually, I think you're right. I misread the lines of code that 
reference the cert settings:



I didn't notice the ->server in there.

However, the same thing still applies: you could potentially have 
several servers running in the same process too. The stock djabberd 
script doesn't do this, but djabberd can be embedded in other stuff as 
well. I'm not sure what the best solution is, though. Having the SSL 
context in the server object would mean that the server core would 
depend on Net::SSLeay, which is a bit of a layering violation.

It seems strange to me that the cert would be server-wide, since certs 
normally have the domain name in them so you'd need a different cert for 
each domain and thus each vhost. Maybe I'm just misunderstanding how all 
this works, though.

Would you mind cooking up a patch that just calls CTX_free at an 
appropriate moment to fix the memory leak? I'll try to get hold of Brad 
(who wrote this SSL stuff) and see what he thinks the SSL context object 
is supposed to "belong" to.

More information about the Djabberd mailing list