On Wed, Oct 7, 2009 at 11:05 AM, Thomas Harning Jr. <thomas.harn...@trustbearer.com> wrote: > I'm writing a browser and a library that use OpenSSL for cryptography (correction - browser plugin)
> support. I want to best be able to fully cleanup state when my > plugin/library is unloaded, however it seems to me that it's not > possible to clear out all thread-associated error state since I'm not > managing the threads accessing my code. > > Example: > Thread A - loads plugin > Thread B - access plugin code (note: thread-safe) > plugin code raises OpenSSL error... cleans out error stack > after reporting > Thread A - unloads plugin, tries to cleanup OpenSSL > > Thread B's actual state is not freed since it is unknown to the plugin > code whether a given thread is "done" accessing code. In thread A > during shutdown, it only knows about thread A and the need to clean > it's state. > > One option would be to keep around a hash-set of threads that have > ever accessed the plugin code, but that's expensive, not to mention a > duplication of what OpenSSL's separate error hashmap does. > > > Looking at the old messages on the mailing list, there was a patch for > NetWare that introduced: `ERR_free_state_table`... however it was > never included since it was discussed that "proper applications > shouldn't need it".... however that doesn't account for plugins that > do not manage threads aside from locking access to resources... > > I have tested the patch re-created for the 1.0.0 OpenSSL tree and it > seems to work perfectly. Attached is that patch... I know, OpenSSL > 1.0.0 is in feature-freeze state... but this should be useful to > others. Let me know if there's any other requirements if this patch > were to possibly be included in the future (1.0.0a?) > > Are there any alternate solutions? I tried looking at the following > possible options: > * ERR_get_err_state_table()+ ERR_release_err_state_table() > .. but that does no freeing, it just decrements reference count... > * ERR_get_err_state_table + manually killing all ERR_STATE's ... then > destroying table ... but that results in int_thread_hash pointing to > dead memory... Has anyone reviewed this or have any comments to make? I'd love to know of a better mechanism than patching OpenSSL each time we need a build of it (not frequently, but its nice to have an official solution) -- Thomas Harning Jr. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
