Hi Stefan,

On Mon, Aug 6, 2018 at 1:47 PM, ste...@eissing.org <ste...@eissing.org> wrote:
> Yann and Rüdiger, looking at this, I am thinking about how to improve
> mod_md's init of openssl. Basically, if mod_ssl + mod_md is loaded,
> mod_md does not have to do anything, it seems.
>
> However, there is a slim chance that someone has another ssl module
> (or none?) and what should mod_md do then? I can copy the crypto
> parts of the pre_config and cleanup code, but given the ever
> increasing version number checks...is there a better way?

I'm currently working on changing APR's apu_dso_load() so that it can work on the given pool (user controlled lifetime) and also (optionally) init/deinit the lib. This is needed (I think) for APR's self handling of its DSOs (focusing on apr_crypto and openssl for now).

With this in e.g. APR 1.7 (at best), we can simply call apr_crypto_load_lib("openssl") in each module using openssl like we currently do in trunk (the dynamic linking part in APR trunk is currently being disputed, so I'm on the DSO way now...).

Anyway we can't mandate APR 1.7 (at best) in httpd, so I was thinking of copying interesting bits of apu_dso_load() into e.g. ap_dso_load() (or a more openssl-only version of it), so that it works in httpd with earlier APR versions too.

So we'd configure, build and install something like "mod_ssl_openssl.so/dll" (itself dynamically linked with libcrypto/ssl), that is when a module needs it. Thus we'd ap_dso_load() it in mod_ssl/md/session/... at pre_config time so that the load/unload and init/deinit work once for all according to the given pool (usually the same one, pconf).

Would that work for you?

I'm not too far from having something for APR, and expecting the ap_ part to be quite straightforward (and mostly copy/paste). Possibly something this week, otherwise after my vacation (more about September)...

Regards,
Yann.