Mark Phalan wrote:

> I'm just suggesting a compile-time option. The application could always
> set the locking callbacks back to NULL if it knew what it was doing.
> 
> -M

I think this fix is actually a bad one. Will existing libraries continue to
not set the locking callbacks and fail horribly if the system OpenSSL isn't
compiled with this flag? Or will they set sane locking callbacks to be safe
-- making this fix a no-op?

The issue is that existing code may set the locking callbacks badly and the
horse has already left the stable (we can't redesign them). I don't see how
this helps in that case -- the existing code will continue to set the
locking callbacks badly, overriding the sane default.

DS



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
