[pve-devel] applied: [PATCH cluster v2] Free certificate file after reading it
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Jul 24 11:28:02 CEST 2018
Am 07/24/2018 um 10:42 AM schrieb Stoiko Ivanov:
> Fix #1843
>
> Reading https://$host:8006/nodes repeadedly leads to pveproxy keeping a
> filedescriptor open for each node-certificate in the cluster and eventually
> reaching its NOFile limit..
>
applied, with the 'fix #1843' in the commit messages header.
> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
> changes from v1:
> incorporated Thomas' feedback - Thanks for the suggestion!
>
> data/PVE/Cluster.pm | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/data/PVE/Cluster.pm b/data/PVE/Cluster.pm
> index 7569abc..30c3f48 100644
> --- a/data/PVE/Cluster.pm
> +++ b/data/PVE/Cluster.pm
> @@ -1533,10 +1533,9 @@ sub read_ssl_cert_fingerprint {
> or die "unable to read '$cert_path' - $!\n";
>
> my $cert = Net::SSLeay::PEM_read_bio_X509($bio);
> - if (!$cert) {
> - Net::SSLeay::BIO_free($bio);
> - die "unable to read certificate from '$cert_path'\n";
> - }
> + Net::SSLeay::BIO_free($bio);
> +
> + die "unable to read certificate from '$cert_path'\n" if (!$cert);
>
> my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
> Net::SSLeay::X509_free($cert);
>
More information about the pve-devel
mailing list