Something fishy reported in https://bz.apache.org/bugzilla/show_bug.cgi?id=62552
Which points to a problem with CRYPTO_THREADID and crypto locks and initialization oder in OpenSSL 1.0.2. (I believe OpenSSL 1.1.x eleminated that). During the analysis of the bug, there seem to be 3 modules in play that use openssl: mod_ssl, mod_md and mod_authn_dbd (mysql). Depending on configuration and load order the server works or crashes. Generally, the rule seems to be: - without mod_authn_dbd (and directive for mysql driver), all is well - with it, crash in mod_md md_crypto_init (which calls RAND_status(), which crashes) - *unless* mod_ssl is loaded before the others. This seems a bit nasty. Does someone of our mod_ssl experts agree to this analysis and that crypto locking is the issue? If so, what can we do about it? -Stefan
