Explicit thread cleanup in OpenSSL 1.1.1 possible?

Stephan Mühlstrasser stm at pdflib.com
Fri Mar 27 15:59:02 UTC 2020

Hello Michael,

Am 27.03.20 um 15:46 schrieb Michael Wojcik:
> As a workaround, what about first making a JNI call to a trivial shared 
> object that does an explicit dlopen of the OpenSSL shared object? The 
> JVM wouldn't know about that load, and its subsequent unload of the 
> shared object wouldn't remove it from the process address space, because 
> there would still be a reference to it.

thanks for the suggestion. This sounds similar to the trick that is 
already built into OpenSSL.

Through other channels I found now two other possible solutions for the 

1) Use JNI_OnUnload() to call OPENSSL_cleanup()

JNI_OnUnload() is called when the JVM unloads the JNI library. 
OPENSSL_cleanup() cleans up everything and no further per-thread cleanup 
happens after unloading the JNI shared library.

2) Use a C++ static object in the JNI library where the destructor calls 

When debugging the problem I came across this neat trick on stackoverflow:


class ResourceHolder {
     ResourceHolder() {
         // at start

     ~ResourceHolder() {
         // at exit

ResourceHolder theHolder;

I think that putting a call to OPENSSL_cleanup() into the destructor of 
the ResourceHolder class would also fix the problem, and it would be 

Approach 1) does fix the crash for me. If approach 2) works as well, I 
will use that one.


More information about the openssl-users mailing list