On Sat, Feb 25, 2023 at 12:43 PM Patrick Schlangen <patrick(a)schlangen.me> wrote:
Hi,
Am 24.02.2023 um 16:55 schrieb Patrick Schlangen
<patrick(a)schlangen.me>me>:
I observe that using PHP's libcurl integration and other features which rely on
OpenSSL randomly fail when opening a TLS connection. I suspect that librados somehow
initializes or uninitializes OpenSSL in a way that interferes with the OpenSSL usage of
libcurl / PHP's fsockopen.
some more details: This happens when trying to use OpenSSL after rados_shutdown(). It
looks like rados_shutdown() causes TOPNSPC::crypto::shutdown() to be called which tears
down OpenSSL and, by doing so, breaks SSL usage in libcurl / PHP afterwards.
This only happens with OpenSSL 1.0 since with 1.1 the init/uninit concept has changed and
ceph doesn't do an explicit uninit anymore.
I think it would be good if librados would give an option to avoid OpenSSL teardown at
rados_shutdown() to not break other OpenSSL users in the same process.
Hi Patrick,
Isn't OpenSSL 1.0 long out of support? I'm not sure if extending
librados API to support a workaround for something that went EOL over
three years ago is worth it.
Thanks,
Ilya