From 1e0682040de4fe18a053451b16e8c70ceb72180f Mon Sep 17 00:00:00 2001
From: "William A. Rowe Jr" <wrowe@apache.org>
Date: Tue, 17 Jun 2003 17:44:40 +0000
Subject: [PATCH]   Reaction to Jeff Trawick's observations that we are
 double-initializing   dynalinked OpenSSL Engines and Configs.  Move the
 library teardown code   so that it is torn down in the proper order,
 corresponding to when the   library itself was initialized.  And leave a
 little reminder that some   memory diagnostics would be good if OpenSSL is
 built for malloc debugging.

Suggested by: Geoff Thorpe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100288 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/mod_ssl.c         | 34 ++++++++++++++++++++++++++++++++++
 modules/ssl/ssl_engine_init.c |  7 -------
 2 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
index 7a3d365cfd..fe24ea8da1 100644
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -230,6 +230,34 @@ static const command_rec ssl_config_cmds[] = {
 /*
  *  the various processing hooks
  */
+static apr_status_t ssl_cleanup_pre_config(void *data)
+{
+    /*
+     * Try to kill the internals of the SSL library.
+     */
+#ifdef OPENSSL_VERSION_NUMBER
+#if OPENSSL_VERSION_NUMBER >= 0x00907001
+    /* Corresponds to OPENSSL_load_builtin_modules():
+     * XXX: borrowed from apps.h, but why not CONF_modules_free()
+     * which also invokes CONF_modules_finish()?
+     */
+    CONF_modules_unload(1);
+#endif
+#endif
+    /* Corresponds to SSL_library_init: */
+    EVP_cleanup();
+#if HAVE_ENGINE_LOAD_BUILTIN_ENGINES
+    ENGINE_cleanup();
+#endif
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_state(0);
+    ERR_free_strings();
+    /* 
+     * TODO: determine somewhere we can safely shove out diagnostics 
+     *       (when enabled) at this late stage in the game:
+     * CRYPTO_mem_leaks_fp(stderr);
+     */
+}
 
 static int ssl_hook_pre_config(apr_pool_t *pconf,
                                apr_pool_t *plog,
@@ -251,6 +279,12 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
 #endif
     SSL_load_error_strings();
 
+    /*
+     * Let us cleanup the ssl library when the module is unloaded
+     */
+    apr_pool_cleanup_register(pconf, NULL, ssl_cleanup_pre_config,
+                                           apr_pool_cleanup_null);
+
     /* Register us to handle mod_log_config %c/%x variables */
     ssl_var_log_config_register(pconf);
 #if 0 /* XXX */
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index c091118245..16c41e5474 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1251,13 +1251,6 @@ apr_status_t ssl_init_ModuleKill(void *data)
         ssl_init_ctx_cleanup_server(sc->server);
     }
 
-    /*
-     * Try to kill the internals of the SSL library.
-     */
-    ERR_free_strings();
-    ERR_remove_state(0);
-    EVP_cleanup();
-
     return APR_SUCCESS;
 }
 
-- 
2.40.0