Hi,

I have caused more than enough chatter about this patch; hopefully this is the last comment.

I previously wrote:

> We should not repeatedly load providers in each SIGHUP loop without
> unloading them in some uninit() call. That would require saving pointers to
> these explicitly loaded providers, unfortunately...

I want to suggest an alternative: act on this option only the first time, not in every SIGHUP loop.

The reason being it's not easy to support changing of loaded providers in the default libctx during every SIGHUP in a good way: OpenSSL will parse its config file only once and cannot be convinced to do it again at SIGHUP. Also it will attempt to do the automatic provider loading only once (the so-called fallback to default).

That means, running with "--providers foo" and doing a SIGHUP with that option removed from the config file will result in no providers if we unload "foo". If we do not unload it on SIGHUP, it will always be loaded contrary to user intent, as well as leak memory due to multiple loads.

Just document that "--providers" will be parsed once and the program has to be restarted to change it.

There are other approaches like swapping the default libctx, but not worth the trouble, IMO.

Selva

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel