Shouldn't no-pinshared be the default?
Tomas Mraz
tmraz at redhat.com
Tue Mar 5 17:05:32 UTC 2019
On Tue, 2019-03-05 at 16:00 +0100, Yann Ylavic wrote:
> On Tue, Mar 5, 2019 at 2:47 PM Tomas Mraz <tmraz at redhat.com> wrote:
> >
> Why? Distros know better than the applications they run?
They actually do, because applications cannot really know what's deep in
the chain of loaded shared libraries - for example getpwnam() can load
libnss_ldap which can load libldap which can load libssl. And the
application has no idea about what is your nsswitch.conf config.
> Since we are here, why OPENSSL_cleanup() exists and is public in the
> first place, and why no-pinshared or OPENSSL_INIT_NO_ATEXIT?
Yes, having the public OPENSSL_cleanup() be anything other than a no-op
is probably a mistake.
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
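
The transitive loading described in the message (getpwnam() to libnss_ldap to libldap to libssl) can be observed from inside a process. The following is an added example, not code from the original post or from OpenSSL; it assumes Linux (it reads /proc/self/maps), and the function names is_mapped, watched_mask and loaded_by_getpwnam are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Libraries named in the message; matched as substrings of mapped paths. */
static const char *const WATCHED[] = { "libnss_ldap", "libldap", "libssl" };
#define N_WATCHED (sizeof WATCHED / sizeof WATCHED[0])

/* Return 1 if any mapping in /proc/self/maps contains `needle`,
 * 0 if none does, -1 if the maps file cannot be opened. */
int is_mapped(const char *needle)
{
    char line[4096];
    int found = 0;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (strstr(line, needle)) { found = 1; break; }
    }
    fclose(f);
    return found;
}

/* Bitmask of watched libraries: bit i is set when WATCHED[i] is mapped now. */
unsigned watched_mask(void)
{
    unsigned mask = 0;
    for (size_t i = 0; i < N_WATCHED; i++)
        if (is_mapped(WATCHED[i]) == 1)
            mask |= 1u << i;
    return mask;
}

/* Do one NSS lookup and return the watched libraries that entered the
 * process only because of it (mapped after the call, not before). */
unsigned loaded_by_getpwnam(const char *user)
{
    unsigned before = watched_mask();
    (void)getpwnam(user); /* the result is irrelevant; the side effect is the point */
    return watched_mask() & ~before;
}

int main(void)
{
    unsigned added = loaded_by_getpwnam("root");
    for (size_t i = 0; i < N_WATCHED; i++)
        printf("%-12s %s\n", WATCHED[i],
               (added >> i) & 1 ? "loaded by getpwnam()" : "not loaded by this call");
    return 0;
}
```

The output depends on the host's nsswitch.conf: with only `files` configured nothing is reported, while an LDAP-backed `passwd` source can bring in all three libraries without the application ever linking against libssl.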