Felix Palmen :freebsd: :c64: @zirias@bsd.cafe
Public

I need help. First the question: On , with all ports built with , can I somehow use the on a binary actually using LibreSSL and get sane output?

What I now observe debugging :

- A version built with (from base) doesn't crash. At least I tried very hard, really stressing it with , to no avail. Built with LibreSSL, it does crash.
- Less relevant: the OpenSSL version also performs slightly better, but needs almost twice the RAM
- The thread sanitizer finds nothing to complain when built with OpenSSL
- It complains a lot with LibreSSL, but the reports look "fishy", e.g. it seems to intercept some OpenSSL API functions (like SHA384_Final)
- It even complains when running with a single-thread event loop.
- I use a single SSL_CTX per listening socket, creating SSL objects from it per connection ... also with multithreading; according to a few sources, this should be supported and safe.
- I can't imagine doing that on a *single* thread could break with LibreSSL, I mean, this would make SSL_CTX pretty much pointless
- I *could* imagine sharing the SSL_CTX with multiple threads to create their SSL objects from *might* not be safe with LibreSSL, but no idea how to verify as long as the thread sanitizer gives me "delusional" output ๐Ÿ˜ณ

0
0
0

If you have a fediverse account, you can quote this note from your own instance. Search https://mastodon.bsd.cafe/users/zirias/statuses/114704555967279887 on your instance and quote it. (Note that quoting is not supported in Mastodon.)