tls: fix OpenSSL engine in child processes #2840
Merged
tls_init.c calls OPENSSL_init_ssl(); this initializes the
global engine linked-list and this cannot be reset in the child.
To avoid linked-list corruption we manually instantiate
the engine object required for loading private keys instead of
relying on CONF_modules_load_file().
Updates to doc/.
Addresses #2839
Description
The call to OPENSSL_init_ssl() in tls_init.c results in the creation of the engine linked-list in the parent. This affects per-child engine private keys as there is no API to reinitialize the engine linked-list in the child.
This PR removes the call to CONF_modules_load_file() which causes linked-list corruption and replaces the initialization of engine private keys in the child with other API calls which do not manipulate global objects.