https://bz.apache.org/bugzilla/show_bug.cgi?id=62552
--- Comment #15 from Stefan Eissing <[email protected]> --- The minimal backtrace shows where exactly the crash in openssl 1.0.2 happens: Thread 1 (Thread 0x7ffff7fe0780 (LWP 31111)): #0 0x00007ffff4346610 in ?? () #1 0x00007ffff4f07935 in ssleay_rand_status () at md_rand.c:577 #2 0x00007ffff54b312c in md_crypt_init (pool=pool@entry=0x555555803388) at md_crypt.c:136 And md_rand.c:577 in OpenSSL 1.0.2 is: 571: static int ssleay_rand_status(void) 572: { 573: CRYPTO_THREADID cur; 574: int ret; 575: int do_not_lock; 576: 577: CRYPTO_THREADID_current(&cur); Which hints at problems with initialization order in openssl usage *before* mod_ssl installs its own crypto lock handler. OpenSSL 1.1.x eliminated that locking callback, I think. For an apache with several modules using OpenSSL, how would we ensure that initialization order is deterministic. And what if modules want to access openssl *before* the post config phase? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
