On 24 Jul 2018, at 18:06, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote: >> Or is it correct in v1.1.0 and above to just not initialise anything at all, not clean anything up at all, and expect openssl to “do the right thing” when mod_ssl is unloaded? > > Yes. And *especially* when the code that depends on OpenSSL is itself a library. > OpenSSL is now (and should ideally always have been) self-initializing. What should be behaviour be in openssl < 1.1.0? The scenario is as follows: - httpd runs. - httpd dynamically loads mod_ssl, apr_crypto_openssl, libpq, libldap, etc. - mod_ssl, apr_crypto_openssl, libpq, libldap, etc in turn dynamically load openssl. - At some point a graceful shutdown is attempted and mod_ssl, apr_crypto_openssl, libpq, libldap, etc are unloaded. - …what next? How should mod_ssl, apr_crypto_openssl, libpq, libldap, etc handle the unloading of openssl < 1.1.0? Should they run the openssl init functions but not the teardown functions? (And just accept a leak). Should they suppress attempts to unload mod_ssl, apr_crypto_openssl, libpq, libldap, etc if we know for sure that openssl < 1.1.0 is linked to them? Regards, Graham — -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
