diff options
| author | Jacob Champion <jchampion@apache.org> | 2017-04-18 02:19:32 +0200 |
|---|---|---|
| committer | Jacob Champion <jchampion@apache.org> | 2017-04-18 02:19:32 +0200 |
| commit | 7b2bdcea91c8db88f572bfb495619356ed9a8ed5 (patch) | |
| tree | 0e0eb95cc42cc7c174c14a5bc46f5c33b232754b /acinclude.m4 | |
| parent | ssl_util.c: add a couple explanatory comments (diff) | |
| download | apache2-7b2bdcea91c8db88f572bfb495619356ed9a8ed5.tar.xz apache2-7b2bdcea91c8db88f572bfb495619356ed9a8ed5.zip | |
PR60947: avoid CRYPTO_THREADID_set_callback() if possible
CRYPTO_THREADID_set_callback() is write-once, so if mod_ssl is unloaded
and reloaded into a different address, we'll crash if OpenSSL wasn't
also unloaded and reloaded at the same time. This can happen if another
module or library is using OpenSSL as well.
- OpenSSL 1.1.0 isn't affected.
- Certain platforms (Windows, BeOS, and POSIX-compliant systems) can
make use of the default THREADID callback in OpenSSL 1.0.x.
- If the deprecated CRYPTO_set_id_callback() is available, we can use it
instead of CRYPTO_THREADID_set_callback().
Otherwise, we have to fall back to CRYPTO_THREADID_set_callback(), but
hopefully that applies to a small percentage of users at this point.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/trunk-openssl-threadid@1791732 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'acinclude.m4')
| -rw-r--r-- | acinclude.m4 | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/acinclude.m4 b/acinclude.m4 index 14c02a1e83..3ab82d726b 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -608,7 +608,8 @@ AC_DEFUN([APACHE_CHECK_OPENSSL],[ liberrors="" AC_CHECK_HEADERS([openssl/engine.h]) AC_CHECK_FUNCS([SSL_CTX_new], [], [liberrors="yes"]) - AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines RAND_egd]) + AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines RAND_egd \ + CRYPTO_set_id_callback]) if test "x$liberrors" != "x"; then AC_MSG_WARN([OpenSSL libraries are unusable]) fi |