You said: "CRYPTO_cleanup_all_ex_data and ERR_remove_state should be called on each thread, and not just the main thread."
However the FAQ says:
"Brutal" (thread-unsafe) Application-global cleanup functions: ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().'
And the code comments for CRYPTO_cleanup_all_ex_data() say:
/* Release all "ex_data" state to prevent memory leaks. This can't be made * thread-safe without overhauling a lot of stuff, and shouldn't really be * called under potential race-conditions anyway (it's for program shutdown * after all). */
- This is going back 5 or 7 years... I was having trouble under Valgrind. I asked a few messages on the mailing list about how to cleanup properly. Both CRYPTO_cleanup_all_ex_data and ERR_remove_state (on each thread) dropped out of the messages/questions. Also see Order of Cleanup to avoid memory leaks?. I don't know if it correct thing to do nowadays.
- Jwalton (talk) 20:58, 29 July 2019 (UTC)
- In many cases it is not necessary to do anything to clean up each individual threads (from OpenSSL 1.1.0+). As long as the thread exits before OpenSSL does then it should get cleaned up automatically. There
are some caveats on that (especially for windows). You can force OpenSSL to cleanup a thread using OPENSSL_thread_stop(). See the man page for that function to see a discussion on the caveats (in particular see the "Notes" section).