mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-22 14:21:25 +02:00
57f60c2316
When ocsp-update is enabled for a given certificate, its certificate_ocsp objects is inserted in two separate trees (the actual ocsp response one and the ocsp update one). But since the same instance is used for the two trees, its ownership is kept by the regular ocsp response one. The ocsp update task should then never have to free the ocsp entries. The crash actually occurred because of this. The update task was freeing entries whose reference counter was not increased while a reference was still held by the SSL_CTXs. The only time during which the ocsp update task will need to increase the reference counter is during an actual update, because at this moment the entry is taken out of the update tree and a 'flying' reference to the certificate_ocsp is kept in the ocsp update context. This bug could be reproduced by calling './haproxy -f conf.cfg -c' with any of the used certificates having the 'ocsp-update on' option. For some reason asan caught the bug easily but valgrind did not. This patch does not need to be backported.
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)