[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Looking for config option to stop use of CryptoAPI (TSVN 1.7.1)

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Wed, 30 Nov 2011 22:39:50 +0100

On 30.11.2011 22:06, Joel Jirak wrote:
>>>
>>> BTW, I _think_ the reason I see the crashes and you don't is because I
>>> have the smart card software AND I've enabled that registry key to
>>> disable loading the CAPI library. So, for me, SSL_CTX_new() calls
>>> ENGINE_by_id() for the CAPI engine, which fails, so then
>>> ENGINE_load_builtin_engines() gets called (for the second time).
>>
>> So a build without CAPI would fix the issues for you?
>
> Yes please! I didn't know that was an option. Disabling CAPI was
> what we did in 1.5.x, but I thought you wanted to enable it for 1.7.x.
> Here's the 1.5.4 thread where you ended up disabling it:
> http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=92849

Yes, but then I patched OpenSSL so I could enable it in the build again.
Disabling it for all would be a bad idea.

>> Maybe a patch to ENGINE_by_id() would help that doesn't error out if
>> CAPI isn't loaded but just steps over it?
>>
>
> No, you'd need to not ask for the CAPI engine in the first place. I
> think that would work.
>
> I think disabling GOST in general is the right thing to do because
> operations like opening the repo-browser still spin up multiple
> threads that each call ENGINE_load_builtin_engines(), which could
> cause the GOST double-free/memory leak. In my case, the problem is
> more evident because each thread calls that function twice.

I can't see any difference in calling ENGINE_load_builtin_engines() on
my machine here, with or without the CAPI engine disabled with the
registry setting.
But I do see the double free of the GOST engine in the debugger - no
crash in the release version though, but I guess that's just luck.
And I don't see the double free every time, only some time (1 out of ten
maybe).

> Not asking for the CAPI engine in the first place (keying off the
> registry setting, presumably) would reduce but not eliminate the
> chance of hitting the GOST problem.

Is there any progress going on for that issue? It's visible only if
you're logged in, and I don't have an account there (yet).

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2889443
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-11-30 22:40:07 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.