Hello,
We have been testing OpenLDAP with the latest OpenSSL 1.0.1e, and we
encountered a segfault issue.
libldap calls CRYPTO_set_locking_callback( tlso_locking_cb) where
tlso_locking_cb is a function pointer in libldap address space.
The problem occurs when libldap gets unloaded while application is still
running.
The current OpenLDAP implementation doesn't clear the locking callback
function, and the program segfaults when OpenSSL trys to call the bogus
callback function.
Clearing the callback function when libldap is unloaded seems an
obvious thing to do, that can also be an issue if there is another
library which is also using OpenSSL.
If libldap clears the callback function, the application will not be
thread safe thereafter.
Thus, I think the problem will be solved if the callback function (as
wells as mutexes) is implemented inside OpenSSL.
I found CRYPTO_thread_setup(void) in OpenSSL and that's exactly what we
were looking for.
Is it possible to make CRYPTO_thread_setup() be publicly available?
Thank you,
-- misaki
misaki.miyash...@oracle.com
Oracle Solaris Security
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
