Diffstat (limited to 'zen/open_ssl.cpp')
-rw-r--r-- | zen/open_ssl.cpp | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/zen/open_ssl.cpp b/zen/open_ssl.cpp
index 0f07e5e3..f3fd7219 100644
--- a/zen/open_ssl.cpp
+++ b/zen/open_ssl.cpp
@@ -12,8 +12,44 @@ using namespace zen;
+#ifndef OPENSSL_THREADS
+ #error FFS, we are royally screwed!
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #error OpenSSL version too old
+#endif
+
+
+void zen::openSslInit()
+{
+ //official Wiki: https://wiki.openssl.org/index.php/Library_Initialization
+ //see apps_shutdown(): https://github.com/openssl/openssl/blob/master/apps/openssl.c
+ //see Curl_ossl_cleanup(): https://github.com/curl/curl/blob/master/lib/vtls/openssl.c
+
+ //excplicitly init OpenSSL on main thread: seems to initialize atomically! But it still might help to avoid issues:
+ [[maybe_unused]] const int rv = ::OPENSSL_init_ssl(OPENSSL_INIT_SSL_DEFAULT, nullptr);
+ assert(rv == 1); //https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html
+}
+
+
+void zen::openSslTearDown() {}
+//OpenSSL 1.1.0+ deprecates all clean up functions
+//=> so much the theory, in practice it leaks, of course: https://github.com/openssl/openssl/issues/6283
+//=> OpenSslThreadCleanUp
+
 namespace
 {
+struct OpenSslThreadCleanUp
+{
+ ~OpenSslThreadCleanUp()
+ {
+ ::OPENSSL_thread_stop();
+ }
+};
+thread_local OpenSslThreadCleanUp tearDownOpenSslThreadData;
+
+
 /* Sign a file using SHA-256: openssl dgst -sha256 -sign private.pem -out file.sig file.txt
@@ -468,7 +504,7 @@ public:
 throw SysError(formatLastOpenSSLError(L"BIO_up_ref"));
 ::SSL_set0_wbio(ssl_, bio); //pass ownership
 
- assert(::SSL_get_mode(ssl_) == SSL_MODE_AUTO_RETRY); //verify OpenSSL default
+ assert(::SSL_get_mode(ssl_) == SSL_MODE_AUTO_RETRY); //verify OpenSSL default
 ::SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE);
 
 if (::SSL_set_tlsext_host_name(ssl_, server.c_str()) != 1) //enable SNI (Server Name Indication) |
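Review bot: openSslInit verifies the result of ::OPENSSL_init_ssl only with assert, so in an NDEBUG build a failed initialization is silently ignored and every later TLS operation runs against a library that never initialized; the rest of this file reports OpenSSL failures by throwing, so `if (::OPENSSL_init_ssl(OPENSSL_INIT_SSL_DEFAULT, nullptr) != 1) throw SysError(formatLastOpenSSLError(L"OPENSSL_init_ssl"));` would fail closed in every build (assuming formatLastOpenSSLError is declared before this point, which the hunk does not show). A second concern is tearDownOpenSslThreadData: nothing in the hunk odr-uses it, and on toolchains that register a thread_local's destructor lazily through the TLS access wrapper, ~OpenSslThreadCleanUp and therefore ::OPENSSL_thread_stop() may never run on worker threads that never touch the variable, so a comment such as `//NOTE: must be referenced from the per-thread SSL code path so the destructor is registered on every thread` plus that reference would make the intent checkable. Also, `#error FFS, we are royally screwed!` tells a packager nothing about what to fix; `#error OpenSSL must be built with thread support (OPENSSL_THREADS)` names the requirement. The anonymous namespace opened in this hunk continues past it.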