Shouldn't no-pinshared be the default?

Yann Ylavic ylavic.dev at gmail.com
Tue Mar 5 15:00:55 UTC 2019


On Tue, Mar 5, 2019 at 2:47 PM Tomas Mraz <tmraz at redhat.com> wrote:
>
> But is it in reality at all possible to explicitly unload OpenSSL?

Well, I don't want to forcibly unload openssl precisely, I want it to
unload when its refcount reaches zero.

> You're talking here about mod_ssl but what if the OpenSSL is loaded not
> just by mod_ssl but by other shared library loaded into the httpd
> process - for example libkrb5 or libldap. Then you can see what
> disaster can happen if mod_ssl on unload explicitly calls
> OpenSSL_cleanup().

Yes, I don't want to blindly cleanup openssl in mod_ssl either, I want
modules to cooperate on who initializes/cleans-up.
There is no such thing as httpd needing libkrb5 or libldap, modules
may, and the APR library (which httpd [h]e[a]vily relies on) may also
link to openssl and need its init/cleanup.
So my goal is to make the APR library able and responsible to
init/cleanup openssl for httpd and its modules (which is not an easy
thing to do properly from 0.9.8 to latest..., so a single place to do
it well makes sense), based on its lifetime handling mechanism, namely
APR pools.
If openssl is needed by (and for the whole lifetime of) httpd, bind it
to the process pool, if it's needed by module(s) bind it to the
configuration pool and init/cleanup will happen explictely once and
only once at the right time. Modules that cooperate with APR will use
its apr_crypto_lib helpers and trust init/cleanup to be done once and
only once. Modules that don't cooperate with APR (or using libs that
don't) will still OPENSSL_init_*() but it's not an issue (can be
called multiple times), same for OPENSSL_cleanup() although I doubt
one is doing this (besides mod_ssl, which precisely I want to fix).
Anyway modules are effectively unloaded on stop/restart in httpd, and
so are the libs they are linked with, and the next start does not
necessarily requires the same openssl intialization/configuration, but
it should not be an issue provided modules can cooperate. httpd is the
(final-)application which knows here, it's not a lib like openssl or
APR (both of which shouldn't impose their lifetime to their users). So
likewise APR will also have an option to not init/cleanup openssl at
all since it's possibly not the only consumer, but for those who wants
to cooperate fully through APR (like httpd), it's also possible.

>
> The explicit cleanup is thus simply a no-go in distro-wide use of
> OpenSSL.

Why? Distros know better than the applications they run?
Since we are here, why OPENSSL_cleanup() exists and is public in the
first place, and why no-pinshared or OPENSSL_INIT_NO_ATEXIT?


Regards,
Yann.


More information about the openssl-users mailing list