DO NOT REPLY [Bug 48253] New: Tomcat Native patch - adding dynamic locking callbacks for openssl engines

Fri, 20 Nov 2009 13:41:01 -0800 

https://issues.apache.org/bugzilla/show_bug.cgi?id=48253

           Summary: Tomcat Native patch - adding dynamic locking callbacks
                    for openssl engines
           Product: Tomcat Native
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Library
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Created an attachment (id=24576)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=24576)
Adds dynamic locking callbacks to TCNative for use by openssl engines

Hello;
   The attached patch adds dynamic locking callbacks needed by certain engines
in OpenSSL (chil, specifically). Most of this code was poached from HTTPD 2.2.x
mod_ssl (ssl_util.c). The notable differences to TCNative after applying the
patch are that the call to ssl_thread_setup had to be moved before the engine
is initialized since the callbacks must be set before engine init, and the
dynamic callback functions were added to ssl_thread_setup.

The issue:
When utilizing an OpenSSL engine that requires the locking callback, no locks
will be found causing the vendor's native library to exit. When using chil,
this only happens when an assertion fails and detects that multiple threads are
active, but no upcalls are provided. I am unsure what other engines require
this functionality.

The solution:
Add the callback functions to use APR locks. Register them with OpenSSL via the
CRYPTO_set_dyn..... functions.


Note:
This is the first TCNative patch I have submitted and was informed that there
should be a xdocs/miscellaneous/changelog.xml file. This patch is against the
tomcat-native-1.1.16-src.tar.gz file which does not include such a document. In
any event, I think the CHANGELOG.txt entry should read:
Improvement: Add dynamic locking callbacks for openssl engines (druggeri)

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to