On 14/06/2019 00:42, Graham Leggett wrote: > Hi all, > > I am currently reviewing the shutdown behaviour in both httpd’s mod_ssl and apr’s apr-crypto-openssl modules. > > Am I right in understanding that from openssl v1.1.0 and upwards, all the following calls are no longer necessary, will be called automatically atexit by the openssl library, and these can be removed from the code? > > https://svn.apache.org/viewvc/httpd/httpd/tags/2.4.39/modules/ssl/mod_ssl.c?view=markup#l329 > > FIPS_mode_set(0); > OBJ_cleanup(); > CONF_modules_free(); > EVP_cleanup(); > ENGINE_cleanup(); > SSL_COMP_free_compression_methods(); > ERR_remove_thread_state(NULL); > ERR_remove_state(0); > ERR_free_strings(); > CRYPTO_cleanup_all_ex_data(); > > https://svn.apache.org/viewvc/apr/apr-util/tags/1.6.1/crypto/apr_crypto_openssl.c?view=markup#l114 > > ERR_free_strings(); > EVP_cleanup(); > ENGINE_cleanup(); > Correct. *All* of the above calls are no-ops in 1.1.0+, e.g: # define EVP_cleanup() while(0) continue There are one or two caveats around auto-init and auto-deinit of the library. The documentation for it is here: https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_crypto.html Matt
