Frank wrote:
> Joe Orton wrote:
>> Yes, CRYPTO_get_locking_callback/CRYPTO_get_id_callback.
>> [...]
> 
> I already know that these functions exist. But what if my module gets
> inited before mod_ssl, which doesn't use the get-functions to determine
> that something is already there? I was in the hope to see a clean
> general purpose solution. :-)
> 
> After this long and informative discussion I really think there is need
> for a ssl_thread_init_if_not_already_done inside Apache. (Besides the
> correction/removal of OpenSSL's stupid global locking mechanism.)
> 
> Maybe there is some (small) re-design of the Apache code needed?

Honestly?  I'm not happy with the thought of 'entrusting' this to another
third party.  If we could trust such choices, then the OpenSSL project
wouldn't leave it for us to implement as a callback hook :)

Unless your module spawns threads itself, before the post_config phase
is complete, there is no need to call these if mod_ssl is present.

Darryl Miles wrote:
>
> Your thinking is correct there is a problem.  Those OpenSSL functions
> are not documented in my man page but exist in the library.  Yes there
> is a read-test-write race window by using those APIs alone.

Nope.  This is set when the server process is running in single process,
single thread mode, long before the server 'opens up' and spawns off its
worker threads.

What I DO agree with is that these callbacks should be locked in much
earlier than post_config.

I'm happy to see these callbacks locked in at the time we register the
module itself.
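
An added example, not part of the thread: a self-contained C model of the init-order question Frank raises, using one global slot as a stand-in for OpenSSL's locking-callback registration. All names here (`model_get_cb`, `init_if_unset`, `init_always`, `run_order`) are hypothetical, and the unconditional initializer follows Frank's description of mod_ssl, not its source.

```c
#include <stddef.h>
#include <stdio.h>

/* Model of the one process-wide locking-callback slot (hypothetical names,
 * standing in for CRYPTO_get/set_locking_callback; no OpenSSL needed). */
typedef void (*lock_cb)(int mode, int n, const char *file, int line);
static lock_cb slot = NULL;
static lock_cb model_get_cb(void) { return slot; }
static void model_set_cb(lock_cb cb) { slot = cb; }

/* Constructed placeholder callbacks; only their addresses matter here. */
static void my_lock(int m, int n, const char *f, int l) { (void)m; (void)n; (void)f; (void)l; }
static void ssl_lock(int m, int n, const char *f, int l) { (void)m; (void)n; (void)f; (void)l; }

/* Cooperative init: install only when the slot is empty. Returns 1 if installed. */
static int init_if_unset(lock_cb cb) {
    if (model_get_cb() != NULL) return 0;
    model_set_cb(cb);
    return 1;
}

/* Unconditional init: returns 1 if it replaced an existing callback. */
static int init_always(lock_cb cb) {
    int replaced = (model_get_cb() != NULL && model_get_cb() != cb);
    model_set_cb(cb);
    return replaced;
}

enum { OWNER_MINE = 1, OWNER_SSL = 2, REPLACED = 4 };

/* Run both inits in one order during the single-threaded config phase.
 * ssl_checks selects whether the SSL side also uses the cooperative form. */
static int run_order(int mine_first, int ssl_checks) {
    int replaced = 0;
    slot = NULL;
    if (mine_first) init_if_unset(my_lock);
    if (ssl_checks) init_if_unset(ssl_lock);
    else replaced = init_always(ssl_lock);
    if (!mine_first) init_if_unset(my_lock);
    return (slot == my_lock ? OWNER_MINE : OWNER_SSL) | (replaced ? REPLACED : 0);
}

int main(void) {
    printf("mine first, ssl unconditional: %d\n", run_order(1, 0));
    printf("ssl first,  ssl unconditional: %d\n", run_order(0, 0));
    printf("mine first, both cooperative:  %d\n", run_order(1, 1));
    return 0;
}
```

A result of 6 means the cooperative module's callback was replaced by the later unconditional one; 2 and 1 mean the first installer kept the slot.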