diff options
author | Viktor Dukhovni <openssl-users@dukhovni.org> | 2019-01-01 02:53:24 -0500 |
---|---|---|
committer | Viktor Dukhovni <openssl-users@dukhovni.org> | 2019-01-07 14:02:28 -0500 |
commit | df1f538f28c10f2954757164b17781040d2355ef (patch) | |
tree | 983b999d0b4625fc67a05897c38c37f48aedbeba /crypto/err/err.c | |
parent | b2f16a2271c40faed168c8bd89b562919a18cb3f (diff) |
More configurable crypto and ssl library initialization
1. In addition to overriding the default application name,
one can now also override the configuration file name
and flags passed to CONF_modules_load_file().
2. By default we still keep going when configuration file
processing fails. But, applications that want to be strict
about initialization errors can now make explicit flag
choices via non-null OPENSSL_INIT_SETTINGS that omit the
CONF_MFLAGS_IGNORE_RETURN_CODES flag (which had so far been
both undocumented and unused).
3. In OPENSSL_init_ssl() do not request OPENSSL_INIT_LOAD_CONFIG
if the options already include OPENSSL_INIT_NO_LOAD_CONFIG.
4. Don't set up atexit() handlers when called with INIT_BASE_ONLY.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7986)
Diffstat (limited to 'crypto/err/err.c')
-rw-r--r-- | crypto/err/err.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/crypto/err/err.c b/crypto/err/err.c index c80aa6be2b..44e7115f9c 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -741,6 +741,18 @@ int err_shelve_state(void **state) { int saveerrno = get_last_sys_error(); + /* + * Note, at present our only caller is OPENSSL_init_crypto(), indirectly + * via ossl_init_load_crypto_nodelete(), by which point the requested + * "base" initialization has already been performed, so the below call is a + * NOOP, that re-enters OPENSSL_init_crypto() only to quickly return. + * + * If are no other valid callers of this function, the call below can be + * removed, avoiding the re-entry into OPENSSL_init_crypto(). If there are + * potential uses that are not from inside OPENSSL_init_crypto(), then this + * call is needed, but some care is required to make sure that the re-entry + * remains a NOOP. + */ if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) return 0; |