https://bz.apache.org/bugzilla/show_bug.cgi?id=60947
--- Comment #1 from Jacob Champion <[email protected]> --- More research: 1) OpenSSL 1.1.0 no longer requires the use of CRYPTO_THREADID_set_callback() at all, and in fact the CRYPTO_THREADID_* stuff is now a no-op. See rsalz's post at https://www.openssl.org/blog/blog/2017/02/21/threads/ . 2) OpenSSL 1.0.2 (and possibly prior, but I haven't verified) contains default implementations for Windows and BeOS. For all other platforms, its fallback implementation uses the address of errno to tell threads apart. 3) Our current implementation of the threadid callback is possibly incorrect on some platforms, since we're using CRYPTO_THREADID_set_numeric() and truncating an apr_os_thread_t into the space of an unsigned long. This opens up the possibility of collisions. As a concrete example: this makes our implementation objectively worse than the default implementation on Windows, because we truncate a HANDLE into a long, whereas the default uses GetCurrentThreadId() directly. There is a CRYPTO_THREADID_set_pointer() that allows us to pass in a void*, and if it turns out we have to set a threadid callback, I think we should prefer the set_pointer() flavor if the native thread identifier is bigger than a long. This is all making me feel like we should try to dump the callback entirely on as many platforms as possible (i.e. those with an addressable, per-thread errno), and decide what to do with the remaining platforms (if any) on a case-by-case basis. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
