On Fri, Aug 16, 2013 at 07:17:22AM -0700, Thomas J. Hruska wrote:
> I think a lot of the init logic heralds from the original SSLeay
> days. There seems to be intent that initialization is supposed to
> happen in main() in the application and libraries shouldn't be
> calling initialization routines in OpenSSL.
This is a big problem, when main() has no knowledge of OpenSSL,
rather OpenSSL is used indirectly via an intermediate library, that
may even be dynamically loaded (e.g. Java dynamically loading
GSSAPI, with Heimdal's GSS library using OpenSSL).
Now it is certainly not appropriate for other libraries to call
OpenSSL one-time initialization functions. The result is a mess.
> However, I agree that all the init logic for the library should be
> handled automatically and transparently in a thread-safe manner.
Therefore, it is probably time to consider moving the OpenSSL
library initialization code into OpenSSL itself, with the set of
ciphers and digests to initialize by default as well as the thread
locking mechanism chosen at compile time.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
