Regression in 1.1.1 against 1.1.0 in SSL_CTX_new

Tomas Mraz tmraz at redhat.com
Thu Apr 16 15:07:22 UTC 2020


On Thu, 2020-04-16 at 15:42 +0200, Harald Koch wrote:
> Hello list,
> 
> I have a TLS server which is started on demand in a multithreaded
> (pthread) application. The TLS server is one thread which is being
> started and stopped. At first start, the TLS server initialized with
> SSL_CTX_new with TLS_server_method works as expected. After cleaning
> up, eliminating the thread and starting it again at a later time in
> the same process, SSL_CTX_new returns NULL. I’ve been digging deeper
> into the initialization code, and found out that in
> crypto/threads_pthread.c, function CRYPTO_THREAD_set_local the call
> to pthread_setspecific returns a value != 0 (in my case: 22). The
> error queue of OpenSSL stays empty. The same code works with OpenSSL
> 1.1.0 in all versions.
> Some posts I googled state that, before usage, one should be sure to run
> OPENSSL_init_ssl (which I do, even if not required according to my
> analysis, since it’s already called in one of the called functions
> deeper in the library).
> Am I missing something in a multithreaded environment?

Is this the pure old 1.1.1 version or a current release from the 1.1.1
branch (i.e. 1.1.1f)?

Do you call OPENSSL_init_ssl from the main thread or from the TLS
server thread?

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
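
An added example, not part of either message and not OpenSSL code: on Linux, return value 22 is EINVAL, which glibc's pthread_setspecific returns when the key it is given is no longer valid. The sketch below uses a hypothetical key and a simulated cleanup step to show a first thread start succeeding and a restarted thread failing that way. It assumes glibc (POSIX leaves use of a deleted key undefined) and does not establish that this is what happens in the reported case.

```c
/* Added illustration; not OpenSSL code. All names here are hypothetical. */
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>

static pthread_key_t tls_key;   /* stands in for a library's thread-local key */

/* Worker body: store a per-thread pointer and report what
 * pthread_setspecific returned (it returns the error, it does not set errno). */
static void *worker(void *arg)
{
    static int marker;
    *(int *)arg = pthread_setspecific(tls_key, &marker);
    return NULL;
}

/* Start one worker thread, join it, return pthread_setspecific's result. */
int run_worker(void)
{
    pthread_t t;
    int rc = -1;
    if (pthread_create(&t, NULL, worker, &rc) != 0)
        return -1;
    pthread_join(t, NULL);
    return rc;
}

/* First start works; once the key is destroyed, a restarted thread fails. */
int restart_after_key_delete(int *first, int *second)
{
    if (pthread_key_create(&tls_key, NULL) != 0)
        return -1;
    *first = run_worker();
    pthread_key_delete(tls_key);   /* simulated cleanup between the two starts */
    *second = run_worker();        /* glibc: EINVAL; POSIX: undefined */
    return 0;
}

int main(void)
{
    int first, second;
    if (restart_after_key_delete(&first, &second) != 0)
        return 1;
    printf("first start:  %d (%s)\n", first, strerror(first));
    printf("second start: %d (%s)\n", second, strerror(second));
    return 0;
}
```

Nothing else reports the second failure, so a caller that does not check the return value sees only the downstream symptom.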




More information about the openssl-users mailing list