On Fri, Aug 15, 2008 at 06:33:21AM -0700, Sander Temme wrote: > > On Aug 15, 2008, at 12:48 AM, Plüm, Rüdiger, VF-Group wrote: > >> 1. Why creating a global pool for dynlockpool? Why can't this be a >> subpool >> of the pool passed to ssl_util_thread_setup? > > Because that's the pconf pool and gets cleared across the lifetime of > some of the mutexes that OpenSSL creates. I tried, and using pconf made > the httpd parent hang on shutdown, in a tight loop trying to clear one of > its pools...
mod_ssl needs to ensure that process-global callbacks registered with OpenSSL will only last for the lifetime of the mod_ssl DSO. If those function pointers remain stored by OpenSSL somewhere and are dereferenced at a point where the mod_ssl DSO is no longer loaded (e.g. during the startup ping-pong of DSOs), it's game over. So generally pconf is the right pool to use, along with a cleanup registered against that pool which sets the callbacks to NULL. Regards, Joe
