Shouldn't no-pinshared be the default?

Matt Caswell matt at openssl.org
Tue Mar 5 11:51:34 UTC 2019
On 04/03/2019 23:37, Yann Ylavic wrote:
> So my question is, why isn't no-pinshared the default?
> ISTM that pinshared is enabled on linux only,

That isn't correct. pinshared is the default everywhere. The way it is achieved
is different for different platforms (so on Linux we use -znodelete).

> and linux has
> __cxa_atexit semantics for atexit() already, so dlclose() should
> already call OPENSSL_cleanup() when needed.
> Thus with OPENSSL_INIT_NO_ATEXIT now available the user could choose
> at runtime whether (s)he wants to call OPENSSL_cleanup() explicitly
> or let openssl clean up by itself.

Actually if all platforms behaved like Linux then there would be no need for
pinshared at all. Unfortunately they don't and on some platforms atexit handlers
can get called even after they have been unloaded - which obviously leads to
crashes.

Feasibly we could make no-pinshared the default on platforms where it isn't
really needed (such as Linux). However:

1) This introduces a change of OpenSSL behaviour based on platform - which isn't
ideal for application developers targeting multiple platforms. Not sure how big
a deal this is.

2) The no-pinshared option does not appear in 1.1.1 or 1.1.1a. It first appears
in 1.1.1b. Backporting the option was considered ok. But changing the default
mid-series is probably not a good idea.

Changing the default could be considered for 3.0.

Matt
