[openssl-dev] OpenSSL version 1.1.0 pre release 3 published

[Viktor Dukhovni]

On Tue, Feb 16, 2016 at 11:06:32PM +0000, Howard Chu wrote:

> >I[t] must do nothing.  That's what auto-initialization is for.  It is
> >wrong for libraries to initialize OpenSSL, because that can't be
> >done safely.  So in libraries that use OpenSSL, no OpenSSL initialization,
> >and no cleanup.
>
> I like this direction, but is it actually stable? There are programs out
> there that dynamically load and then unload modules repeatedly thru their
> life. We see libldap getting loaded and unloaded this way a lot, and that
> naturally means libssl/libcrypto go along for the ride too.

Nico Williams has some cool ideas for keeping a library from getting
unloaded, but regardless deinitialization is only for the application,
and only really to appease valgrind and the like.  

De-initialization is not intended to happen when the library gets
unloaded, Nico assures me that there's no safe way to do that, and
the only safe thing to do when a library is unloaded is to leak!
However, we may be able to arrange for the library to never be
unloaded once it is loaded and initialized.

-- 
	Viktor.