Regression in 1.1.1 against 1.1.0 in SSL_CTX_new
Harald Koch
root at c-works.net
Thu Apr 16 14:38:52 UTC 2020
Hi Matt,
> On 16.04.2020 at 16:29, Matt Caswell <matt at openssl.org> wrote:
> On 16/04/2020 14:42, Harald Koch wrote:
>> Hello list,
>>
>> I have a TLS server which is started on demand in a multithreaded (pthread) application. The TLS server is one thread which is being started and stopped. At first start, the TLS server initialized with SSL_CTX_new with TLS_server_method works as expected. After cleaning up, eliminating the thread and starting it again at a later time in the same process, SSL_CTX_new returns NULL. I’ve been digging deeper into the initialization code, and found out that in crypto/threads_pthread.c, function
> What does your clean up code look like? Are you taking specific steps to
> cleanup OpenSSL and if so what are they?
I’m checking whether the SSL and CTX I actually use are up, and if so, I clean them up before killing the thread:
    if (ssl != NULL) { // assigned by SSL_new before
        SSL_free(ssl);
        ssl = NULL;
    }
    /* Free the SSL_CTX structure */
    if (ctx != NULL) { // assigned by SSL_CTX_new before
        SSL_CTX_free(ctx);
        ctx = NULL;
    }
No other OpenSSL-specific cleanup functions are called. The functions documented in https://wiki.openssl.org/index.php/Library_Initialization#Cleanup are not called.
> CRYPTO_THREAD_set_local the call to pthread_setspecific returns a value
> != 0 (in my case: 22). The error queue of openSSL stays empty. The same
> code works with openSSL 1.1.0 in all versions.
>> Some posts I googled state that before usage, one should be sure to run OPENSSL_init_ssl (which I do, even if it is not required according to my analysis, since it’s already called in one of the called functions deeper in the library).
>> Am I missing something in a multithreaded environment?