Bug 657

Summary: libunbound(3) recommends deprecated CRYPTO_set_id_callback
Product: unbound Reporter: Daniel Kahn Gillmor <dkg>
Component: serverAssignee: unbound team <unbound-team>
Status: RESOLVED FIXED    
Severity: enhancement CC: cathya, wouter
Priority: P5    
Version: 1.5.3   
Hardware: x86_64   
OS: Linux   

Description Daniel Kahn Gillmor 2015-03-24 23:48:23 CET
(this is from unbound 1.5.3, which isn't listed in the version dropdown above).

libunbound(3) recommends openssl's deprecated CRYPTO_set_id_callback().  It should recommend CRYPTO_THREADID_set_callback instead, at least when building against OpenSSL 1.0.0 or later.

Background:

libunbound(3) says:

FUNCTIONS
       ub_ctx_create
              Create  a  new context, initialised with defaults.  The informa‐
              tion from /etc/resolv.conf and /etc/hosts  is  not  utilised  by
              default.  Use  ub_ctx_resolvconf  and ub_ctx_hosts to read them.
              Before   you   call   this,   use    the    openssl    functions
              CRYPTO_set_id_callback and CRYPTO_set_locking_callback to set up
              asyncronous operation if you use lib  openssl  (the  application
              calls these functions once for initialisation).

But CRYPTO_set_locking_callback(3ssl) says:
 
       CRYPTO_set_locking_callback() is available in all versions of SSLeay
       and OpenSSL.  CRYPTO_num_locks() was added in OpenSSL 0.9.4.  All
       functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev.
       CRYPTO_THREADID and associated functions were introduced in OpenSSL
       1.0.0 to replace (actually, deprecate) the previous
       CRYPTO_set_id_callback(), CRYPTO_get_id_callback(), and
       CRYPTO_thread_id() functions which assumed thread IDs to always be
       represented by 'unsigned long'.
Comment 1 Wouter Wijngaards 2015-03-25 09:07:18 CET
Hi Daniel,

Fixed it.  It looks like this:

FUNCTIONS
       ub_ctx_create
              Create  a new context, initialised with defaults.  The informa‐
              tion from /etc/resolv.conf and /etc/hosts is  not  utilised  by
              default.  Use  ub_ctx_resolvconf and ub_ctx_hosts to read them.
              Before   you   call   this,   use   the    openssl    functions
              CRYPTO_set_id_callback  and  CRYPTO_set_locking_callback to set
              up asyncronous operation if you use lib openssl  (the  applica‐
              tion  calls  these functions once for initialisation).  Openssl
              1.0.0 or later uses the CRYPTO_THREADID_set_callback function.

Best regards,
   Wouter