On Mon, Jan 15, 2018 at 07:33:52PM +0000, [email protected] wrote: >During initialization, libldap sets custom gnutls mutex functions: >https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/libldap/tls_g.c;h=adcb6be04076a91d3a0bf94cf8357f4e51f5b9da;hb=HEAD#l113 > >PAM uses libldap via dlopen and unloads it when it's done, but openldap doesn't >undo gnutls_global_set_mutex, so any further calls to locking functions inside >openldap will segfault since these function pointers now point to nowhere since >openldap is unloaded. > >I encountered this issue in cups since cups uses gnutls itself for the web >interface and segfaults when it uses gnutls after libldap.
Thanks for this report. This is not the first issue caused by our usage of the custom mutex functions; see also <https://bugs.debian.org/803197>. Removing the custom mutex functions and (for sufficiently recent GnuTLS) the calls to gnutls_global_{,de}init() looks like a more and more attractive solution. I am not aware of anyone using OpenLDAP with GnuTLS on a platform for which GnuTLS lacks built-in mutex functions...
