Reaction to Jeff Trawick's observations that we are double-initializing

  dynalinked OpenSSL Engines and Configs.  Move the library teardown code
  so that it is torn down in the proper order, corresponding to when the
  library itself was initialized.  And leave a little reminder that some
  memory diagnostics would be good if OpenSSL is built for malloc debugging.

Suggested by: Geoff Thorpe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100288 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 7a3d365cfd3d06c664ad61943c57c6a56768d23e..fe24ea8da1ad740b6fed9065bfa6c736344b9a37 100644 (file)
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -230,6 +230,34 @@ static const command_rec ssl_config_cmds[] = {
 /*
  *  the various processing hooks
  */
+static apr_status_t ssl_cleanup_pre_config(void *data)
+{
+    /*
+     * Try to kill the internals of the SSL library.
+     */
+#ifdef OPENSSL_VERSION_NUMBER
+#if OPENSSL_VERSION_NUMBER >= 0x00907001
+    /* Corresponds to OPENSSL_load_builtin_modules():
+     * XXX: borrowed from apps.h, but why not CONF_modules_free()
+     * which also invokes CONF_modules_finish()?
+     */
+    CONF_modules_unload(1);
+#endif
+#endif
+    /* Corresponds to SSL_library_init: */
+    EVP_cleanup();
+#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
+    ENGINE_cleanup();
+#endif
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_state(0);
+    ERR_free_strings();
+    /* 
+     * TODO: determine somewhere we can safely shove out diagnostics 
+     *       (when enabled) at this late stage in the game:
+     * CRYPTO_mem_leaks_fp(stderr);
+     */
+}
 
 static int ssl_hook_pre_config(apr_pool_t *pconf,
                                apr_pool_t *plog,
@@ -251,6 +279,12 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
 #endif
     SSL_load_error_strings();
 
+    /*
+     * Let us cleanup the ssl library when the module is unloaded
+     */
+    apr_pool_cleanup_register(pconf, NULL, ssl_cleanup_pre_config,
+                                           apr_pool_cleanup_null);
+
     /* Register us to handle mod_log_config %c/%x variables */
     ssl_var_log_config_register(pconf);
 #if 0 /* XXX */

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index c09111824595c9087acb365d4dcc419db235b29e..16c41e547420c053dfd2f5a16f71edeb1ffcaf57 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1251,13 +1251,6 @@ apr_status_t ssl_init_ModuleKill(void *data)
         ssl_init_ctx_cleanup_server(sc->server);
     }
 
-    /*
-     * Try to kill the internals of the SSL library.
-     */
-    ERR_free_strings();
-    ERR_remove_state(0);
-    EVP_cleanup();
-
     return APR_SUCCESS;
 }