[pve-devel] [PATCH cluster] Free certificate file after reading it
Stoiko Ivanov
s.ivanov at proxmox.com
Mon Jul 23 14:59:24 CEST 2018
Fix #1843
Reading https://$host:8006/nodes repeadedly leads to pveproxy keeping a
filedescriptor open for each node-certificate in the cluster and each request,
thus eventually reaching its NOFile limit.
In accordance with the SSLeay docs: https://metacpan.org/pod/Net::SSLeay
Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
Would it make sense to unify the certificate reading here with the methods we
have in pve-common/src/PVE/Certificate.pm? It took me longer to find the bug,
since I was focussed on the missing BIO_free in a method there.
data/PVE/Cluster.pm | 1 +
1 file changed, 1 insertion(+)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 7569abc..6dc41ce 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1537,6 +1537,7 @@ sub read_ssl_cert_fingerprint {
Net::SSLeay::BIO_free($bio);
die "unable to read certificate from '$cert_path'\n";
}
+ Net::SSLeay::BIO_free($bio);
my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
Net::SSLeay::X509_free($cert);
--
2.11.0
More information about the pve-devel
mailing list