[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Looking for config option to stop use of CryptoAPI (TSVN 1.7.1)

From: Joel Jirak <joel_at_jirak.us>
Date: Thu, 1 Dec 2011 17:01:04 -0500

>>> So a build without CAPI would fix the issues for you?
>> Yes please!  I didn't know that was an option.  Disabling CAPI was
>> what we did in 1.5.x, but I thought you wanted to enable it for 1.7.x.
>>   Here's the 1.5.4 thread where you ended up disabling it:
>> http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=92849
> Yes, but then I patched OpenSSL so I could enable it in the build again.
> Disabling it for all would be a bad idea.
>>> Maybe a patch to ENGINE_by_id() would help that doesn't error out if
>>> CAPI isn't loaded but just steps over it?
>> No, you'd need to not ask for the CAPI engine in the first place.  I
>> think that would work.
>> I think disabling GOST in general is the right thing to do because
>> operations like opening the repo-browser still spin up multiple
>> threads that each call ENGINE_load_builtin_engines(), which could
>> cause the GOST double-free/memory leak.  In my case, the problem is
>> more evident because each thread calls that function twice.
> I can't see any difference in calling ENGINE_load_builtin_engines() on
> my machine here, with or without the CAPI engine disabled with the
> registry setting.
> But I do see the double free of the GOST engine in the debugger - no
> crash in the release version though, but I guess that's just luck.
> And I don't see the double free every time, only some time (1 out of ten
> maybe).

Hey Stefan,

    Have you decided what you're going to do about GOST? I'm asking
because if you disabled it in the OpenSSL build, I'd be able to test
it in a nightly build, perhaps before you roll 1.7.2. I also wanted
to make sure that you understand you can disable just the GOST engine
in OpenSSL while still leaving all the CAPI features enabled.
Unfortunately, I don't have any way of knowing if any TSVN users use
the GOST cypher or not. I doubt it, but I won't be getting the angry
emails if I'm wrong! Thanks for all your help working through this

Joel Jirak


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-12-01 23:01:13 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.