On Tue, Mar 5, 2019 at 2:47 PM Tomas Mraz <tmraz@xxxxxxxxxx> wrote:
>
> But is it in reality at all possible to explicitly unload OpenSSL?

Well, I don't want to forcibly unload openssl precisely, I want it to unload when its refcount reaches zero.

> You're talking here about mod_ssl but what if the OpenSSL is loaded not
> just by mod_ssl but by other shared library loaded into the httpd
> process - for example libkrb5 or libldap. Then you can see what
> disaster can happen if mod_ssl on unload explicitly calls
> OpenSSL_cleanup().

Yes, I don't want to blindly cleanup openssl in mod_ssl either, I want modules to cooperate on who initializes/cleans-up. There is no such thing as httpd needing libkrb5 or libldap, modules may, and the APR library (which httpd heavily relies on) may also link to openssl and need its init/cleanup.

So my goal is to make the APR library able and responsible to init/cleanup openssl for httpd and its modules (which is not an easy thing to do properly from 0.9.8 to latest..., so a single place to do it well makes sense), based on its lifetime handling mechanism, namely APR pools. If openssl is needed by (and for the whole lifetime of) httpd, bind it to the process pool, if it's needed by module(s) bind it to the configuration pool and init/cleanup will happen explicitly once and only once at the right time.

Modules that cooperate with APR will use its apr_crypto_lib helpers and trust init/cleanup to be done once and only once. Modules that don't cooperate with APR (or using libs that don't) will still OPENSSL_init_*() but it's not an issue (can be called multiple times), same for OPENSSL_cleanup() although I doubt one is doing this (besides mod_ssl, which precisely I want to fix).

Anyway modules are effectively unloaded on stop/restart in httpd, and so are the libs they are linked with, and the next start does not necessarily require the same openssl initialization/configuration, but it should not be an issue provided modules can cooperate. httpd is the (final-)application which knows here, it's not a lib like openssl or APR (both of which shouldn't impose their lifetime to their users). So likewise APR will also have an option to not init/cleanup openssl at all since it's possibly not the only consumer, but for those who want to cooperate fully through APR (like httpd), it's also possible.

>
> The explicit cleanup is thus simply a no-go in distro-wide use of
> OpenSSL.

Why? Distros know better than the applications they run? Since we are here, why OPENSSL_cleanup() exists and is public in the first place, and why no-pinshared or OPENSSL_INIT_NO_ATEXIT?

Regards,
Yann.
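
The pool-bound "once and only once" lifetime discussed in this message, as an added example that is not part of the original message and is not APR or httpd code. It is a toy model: `pool_t`, `crypto_lib_acquire` and the counters are hypothetical stand-ins, and no real APR or OpenSSL function is called.

```c
#include <stddef.h>
#include <stdlib.h>

/* Toy stand-in for an APR pool: a LIFO list of cleanup callbacks. */
typedef struct cleanup {
    void (*fn)(void *);
    void *data;
    struct cleanup *next;
} cleanup_t;
typedef struct { cleanup_t *cleanups; } pool_t;

static void pool_cleanup_register(pool_t *p, void (*fn)(void *), void *data) {
    cleanup_t *c = malloc(sizeof *c);
    if (!c) abort();
    c->fn = fn; c->data = data; c->next = p->cleanups; p->cleanups = c;
}

/* Destroying the pool runs every registered cleanup exactly once. */
static void pool_destroy(pool_t *p) {
    while (p->cleanups) {
        cleanup_t *c = p->cleanups;
        p->cleanups = c->next;
        c->fn(c->data);
        free(c);
    }
}

/* Counters standing in for the crypto library's global init/cleanup. */
static int lib_inits, lib_cleanups, lib_refs;

static void crypto_lib_release(void *unused) {
    (void)unused;
    if (lib_refs > 0 && --lib_refs == 0) lib_cleanups++; /* last user cleans up */
}

/* Hypothetical helper: each caller takes one reference tied to its pool. */
static void crypto_lib_acquire(pool_t *p) {
    if (lib_refs++ == 0) lib_inits++;                    /* first user initializes */
    pool_cleanup_register(p, crypto_lib_release, NULL);
}

/* Two modules share one configuration pool over a stop/restart cycle. */
static int demo_restart(void) {
    pool_t conf = { NULL };
    crypto_lib_acquire(&conf);   /* module A */
    crypto_lib_acquire(&conf);   /* module B: no second init */
    pool_destroy(&conf);         /* stop/restart: one cleanup, after both release */
    return lib_inits * 10 + lib_cleanups;
}

int main(void) { return demo_restart() == 11 ? 0 : 1; }
```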