[pve-devel] [PATCH cluster v2] Free certificate file after reading it
Stoiko Ivanov
s.ivanov at proxmox.com
Tue Jul 24 10:42:40 CEST 2018
Fix #1843
Reading https://$host:8006/nodes repeadedly leads to pveproxy keeping a
filedescriptor open for each node-certificate in the cluster and eventually
reaching its NOFile limit..
Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
changes from v1:
incorporated Thomas' feedback - Thanks for the suggestion!
data/PVE/Cluster.pm | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
index 7569abc..30c3f48 100644
--- a/data/PVE/Cluster.pm
+++ b/data/PVE/Cluster.pm
@@ -1533,10 +1533,9 @@ sub read_ssl_cert_fingerprint {
or die "unable to read '$cert_path' - $!\n";
my $cert = Net::SSLeay::PEM_read_bio_X509($bio);
- if (!$cert) {
- Net::SSLeay::BIO_free($bio);
- die "unable to read certificate from '$cert_path'\n";
- }
+ Net::SSLeay::BIO_free($bio);
+
+ die "unable to read certificate from '$cert_path'\n" if (!$cert);
my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
Net::SSLeay::X509_free($cert);
--
2.11.0
More information about the pve-devel
mailing list