[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Looking for config option to stop use of CryptoAPI (TSVN 1.7.1)

From: Joel Jirak <joel_at_jirak.us>
Date: Wed, 30 Nov 2011 16:06:57 -0500

>>
>> BTW, I _think_ the reason I see the crashes and you don't is because I
>> have the smart card software AND I've enabled that registry key to
>> disable loading the CAPI library.  So, for me, SSL_CTX_new() calls
>> ENGINE_by_id() for the CAPI engine, which fails, so then
>> ENGINE_load_builtin_engines() gets called (for the second time).
>
> So a build without CAPI would fix the issues for you?

Yes please! I didn't know that was an option. Disabling CAPI was
what we did in 1.5.x, but I thought you wanted to enable it for 1.7.x.
 Here's the 1.5.4 thread where you ended up disabling it:
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=92849

> Maybe a patch to ENGINE_by_id() would help that doesn't error out if
> CAPI isn't loaded but just steps over it?
>

No, you'd need to not ask for the CAPI engine in the first place. I
think that would work.

I think disabling GOST in general is the right thing to do because
operations like opening the repo-browser still spin up multiple
threads that each call ENGINE_load_builtin_engines(), which could
cause the GOST double-free/memory leak. In my case, the problem is
more evident because each thread calls that function twice.

Not asking for the CAPI engine in the first place (keying off the
registry setting, presumably) would reduce but not eliminate the
chance of hitting the GOST problem.

Joel

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2889434

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-11-30 22:07:07 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.