Diffstat (limited to 'zen/open_ssl.cpp')
-rw-r--r--zen/open_ssl.cpp38
1 files changed, 37 insertions, 1 deletions
diff --git a/zen/open_ssl.cpp b/zen/open_ssl.cpp
index 0f07e5e3..f3fd7219 100644
--- a/zen/open_ssl.cpp
+++ b/zen/open_ssl.cpp
@@ -12,8 +12,44 @@
using namespace zen;
+#ifndef OPENSSL_THREADS
+ #error FFS, we are royally screwed!
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #error OpenSSL version too old
+#endif
+
+
+void zen::openSslInit()
+{
+ //official Wiki: https://wiki.openssl.org/index.php/Library_Initialization
+ //see apps_shutdown(): https://github.com/openssl/openssl/blob/master/apps/openssl.c
+ //see Curl_ossl_cleanup(): https://github.com/curl/curl/blob/master/lib/vtls/openssl.c
+
+ //excplicitly init OpenSSL on main thread: seems to initialize atomically! But it still might help to avoid issues:
+ [[maybe_unused]] const int rv = ::OPENSSL_init_ssl(OPENSSL_INIT_SSL_DEFAULT, nullptr);
+ assert(rv == 1); //https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html
+}
+
+
+void zen::openSslTearDown() {}
+//OpenSSL 1.1.0+ deprecates all clean up functions
+//=> so much the theory, in practice it leaks, of course: https://github.com/openssl/openssl/issues/6283
+//=> OpenSslThreadCleanUp
+
namespace
{
+struct OpenSslThreadCleanUp
+{
+ ~OpenSslThreadCleanUp()
+ {
+ ::OPENSSL_thread_stop();
+ }
+};
+thread_local OpenSslThreadCleanUp tearDownOpenSslThreadData;
+
+
/* Sign a file using SHA-256:
openssl dgst -sha256 -sign private.pem -out file.sig file.txt
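Review bot: The result of `OPENSSL_init_ssl` in `openSslInit()` is checked only by `assert(rv == 1)`, so a build with NDEBUG ignores a failed initialisation and later TLS calls run against a library that never set itself up. A runtime check that fails closed would be safer, for example `if (::OPENSSL_init_ssl(OPENSSL_INIT_SSL_DEFAULT, nullptr) != 1) throw SysError(formatLastOpenSSLError(L"OPENSSL_init_ssl"));`. That assumes callers of `openSslInit()` can handle an exception and that `formatLastOpenSSLError` (used further down in this file) is declared before this point. Separately, nothing in this hunk references `tearDownOpenSslThreadData`; on toolchains that initialise `thread_local` objects lazily on first use, its destructor may never be registered for a thread, so `OPENSSL_thread_stop()` would not run at thread exit. It is worth confirming this on each target compiler, or touching the variable in the code path that first uses OpenSSL on a thread.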
@@ -468,7 +504,7 @@ public:
throw SysError(formatLastOpenSSLError(L"BIO_up_ref"));
::SSL_set0_wbio(ssl_, bio); //pass ownership
- assert(::SSL_get_mode(ssl_) == SSL_MODE_AUTO_RETRY); //verify OpenSSL default
+ assert(::SSL_get_mode(ssl_) == SSL_MODE_AUTO_RETRY); //verify OpenSSL default
::SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE);
if (::SSL_set_tlsext_host_name(ssl_, server.c_str()) != 1) //enable SNI (Server Name Indication)