> Am 03.08.2018 um 13:34 schrieb Yann Ylavic <[email protected]>:
>
> On Fri, Aug 3, 2018 at 12:45 PM, Yann Ylavic <[email protected]> wrote:
>> On Fri, Aug 3, 2018 at 11:46 AM, Ruediger Pluem <[email protected]> wrote:
>>>> + ap_init_rng(ap_pglobal);
>>>
>>> With APR trunk used this now causes httpd to SEGFAULT in EVP_cleanup
>>> when it stops in case mod_ssl is loaded. This is because mod_ssl
>>> stored data in Openssl data structures that points to it (likely
>>> static data in mod_ssl), but it gets unloaded due to the pconf pool
>>> cleanup before the crypto_lib_cleanup runs EVP_cleanup as it is a
>>> cleanup on the parent pool ap_pglobal.
>>
>> Ouch, ISTM that mod_ssl should cleanup what it owns after itself.
>> Any idea which static data (or code/callbacks) in mod_ssl are still pointed
>> to?
>
> Hmm, while all the libcrypto part is initialized in APR, the libssl
> one is (used in) mod_ssl only, so SSL_load_error_strings() and
> SSL_library_init() are scoped to mod_ssl but not de-inited with pconf.
> I'm not sure there is a way to de-init them (and only them)...
>
> Possibly apr_crypto_lib_init() should be able to init libssl too (optionally).
Never looked at it before. How is the abstraction in apr_crypto supposed to
manage
the lifetime of the components? E.g. when calling apr_crypto_prng_init()
one ties the whole openssl crypto's lifetime to the pool given there?
Does everyone check for APR_EREINIT? And if it comes, what is one supposed to
do?
Is a reference counting de-allocation not better fitting?
-Stefan
