Shutting down openssl - is the correct thing to do nothing?
Graham Leggett
minfrin at sharp.fm
Thu Jun 13 23:42:05 UTC 2019
Hi all,
I am currently reviewing the shutdown behaviour in both httpd’s mod_ssl and apr’s apr-crypto-openssl modules.
Am I right in understanding that from openssl v1.1.0 and upwards, all the following calls are no longer necessary, will be called automatically atexit by the openssl library, and these can be removed from the code?
https://svn.apache.org/viewvc/httpd/httpd/tags/2.4.39/modules/ssl/mod_ssl.c?view=markup#l329
FIPS_mode_set(0);
OBJ_cleanup();
CONF_modules_free();
EVP_cleanup();
ENGINE_cleanup();
SSL_COMP_free_compression_methods();
ERR_remove_thread_state(NULL);
ERR_remove_state(0);
ERR_free_strings();
CRYPTO_cleanup_all_ex_data();
https://svn.apache.org/viewvc/apr/apr-util/tags/1.6.1/crypto/apr_crypto_openssl.c?view=markup#l114
ERR_free_strings();
EVP_cleanup();
ENGINE_cleanup();
Regards,
Graham
—
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3260 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190614/6709b883/attachment.bin>
More information about the openssl-users
mailing list