[openssl-dev] [openssl.org #2293] OpenSSL dependence on external threading functions is a critical design flaw
Florian Weimer
fweimer at redhat.com
Mon May 4 09:59:09 UTC 2015
On 09/03/2014 11:50 PM, Rich Salz via RT wrote:
> We're going to try to clean up the threads situation post-1.0.2, but closing
> this particular ticket.
Can you at least change the FAQ to make sure that OpenSSL is *not*
thread safe by default? Currently, it claims the opposite.
The error reporting library critically depends on working locking
functions. You get strange results if you believe the FAQ that OpenSSL
is thread-safe, even if you do not use any objects across threads.
--
Florian Weimer / Red Hat Product Security
More information about the openssl-dev
mailing list