Shutting down openssl - is the correct thing to do nothing?

Graham Leggett minfrin at sharp.fm
Fri Jun 14 08:17:08 UTC 2019


On 14 Jun 2019, at 09:41, Matt Caswell <matt at openssl.org> wrote:

> Correct. *All* of the above calls are no-ops in 1.1.0+, e.g:
> 
> #  define EVP_cleanup() while(0) continue
> 
> There are one or two caveats around auto-init and auto-deinit of the library.
> The documentation for it is here:
> 
> https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_crypto.html <https://www.openssl.org/docs/man1.1.1/man3/OPENSSL_init_crypto.html>

Further to the above question, having read the documentation, it looks like all of these init routines should be removed in v1.1.0 and above:

https://svn.apache.org/viewvc/httpd/httpd/tags/2.4.39/modules/ssl/mod_ssl.c?view=markup#l398

CRYPTO_malloc_init();
OPENSSL_malloc_init();
ERR_load_crypto_strings();
SSL_load_error_strings();
SSL_library_init();
ENGINE_load_builtin_engines();
OpenSSL_add_all_algorithms();
OPENSSL_load_builtin_modules();

https://svn.apache.org/viewvc/apr/apr-util/tags/1.6.1/crypto/apr_crypto_openssl.c?view=markup#l133

CRYPTO_malloc_init();
OPENSSL_malloc_init();
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();

Can you confirm I’ve interpreted this correctly?

Regards,
Graham
—

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190614/854666a7/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3260 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190614/854666a7/attachment.bin>


More information about the openssl-users mailing list