Manually cleanup OpenSSL from dovecot_openssl_common_global_unref()

OpenSSL 1.1 features a cleanup function that is automatically run on shutdown
using atexit(3). This function frees all OpenSSL-allocated resources.

In dovecot, OpenSSL is loaded indirectly using dlopen(3) against the relevant
dovecot crypto module and is finally unloaded using dlclose(3). Until
OpenSSL 1.0.1c this worked fine, however OpenSSL 1.0.1c makes sure[1] that the
library stays loaded after the initial dlclose() so that the atexit(3)
handlers can run on shutdown. This, together with the fact that dovecot
uses custom allocation functions for OpenSSL and has already partially
free()'d some of OpenSSL's resources in module_free(), leads to a
segfault at process shutdown[2].

We fix this by explicitly calling OPENSSL_cleanup() during module unload. This
is safe to do, as long as we will never want to subsequently re-initialize
OpenSSL.

[1] https://github.com/openssl/openssl/commit/4af9f7fe79ff82b90c16969b7e5871435056377b
[2] https://buildd.debian.org/status/fetch.php?pkg=dovecot&arch=amd64&ver=1:2.2.26.0-2&stamp=1478873022

Signed-off-by: Apollon Oikonomopoulos <apoikos@debian.org>

diff --git a/src/lib-ssl-iostream/dovecot-openssl-common.c b/src/lib-ssl-iostream/dovecot-openssl-common.c
index 51ea3ad40b304f2fef5937dd0c5355d0b801d386..2bf6307ffa1db1d46c9b7cc468cfeb0416fa80b7 100644 (file)
--- a/src/lib-ssl-iostream/dovecot-openssl-common.c
+++ b/src/lib-ssl-iostream/dovecot-openssl-common.c
@@ -101,6 +101,9 @@ bool dovecot_openssl_common_global_unref(void)
        ERR_remove_thread_state(NULL);
 #endif
        ERR_free_strings();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+       OPENSSL_cleanup();
+#endif
        return FALSE;
 }