Hi Matt,
On 16/04/2020 14:42, Harald Koch wrote:
Hello list,
I have a TLS server which is started on demand in a multithreaded (pthread) application. The TLS server is one thread which is being started and stopped. At first start, the TLS server initialized with SSL_CTX_new with TLS_server_method works as expected; after cleaning up, eliminating the thread and starting it again at a later time in the same process, SSL_CTX_new returns NULL. I’ve been digging deeper into the initialization code, and found out that in crypto/threads_pthread.c, function
What does your clean up code look like? Are you taking specific steps to cleanup OpenSSL and if so what are they?
I’m checking if my actually used SSL and CTX are up, and if so, clean them up before killing the thread:
if(ssl != NULL) { // assigned by SSL_new before
    SSL_free(ssl);
    ssl = NULL;
}
/* Free the SSL_CTX structure */
if(ctx != NULL) { // assigned by SSL_CTX_new before
    SSL_CTX_free(ctx);
    ctx = NULL;
}
CRYPTO_THREAD_set_local the call to pthread_setspecific returns a value != 0 (in my case: 22). The error queue of OpenSSL stays empty. The same code works with OpenSSL 1.1.0 in all versions. Some posts I googled state that before usage, one should be sure to run OPENSSL_init_ssl (which I do, even if not required according to my analysis, since it’s already called in one of the called functions deeper in the library). Am I missing something in a multithreaded environment?