author | Mark Spruiell <mes@zeroc.com> | 2012-02-14 13:46:08 -0800 |
---|---|---|
committer | Mark Spruiell <mes@zeroc.com> | 2012-02-14 13:46:08 -0800 |
commit | 7b95fb2e51229b7936951c8df13fb3be1179702c (patch) | |
tree | 8dc9e34c7a1e51ca5fbc67359ca900ec1a3cb6c4 /cpp/src/IceSSL/Instance.cpp | |
parent | ICE-4491 - Glacier2 Application session restart messages (diff) | |
ICE-4794 - Adding property IceSSL.InitOpenSSL
Diffstat (limited to 'cpp/src/IceSSL/Instance.cpp')
-rw-r--r-- | cpp/src/IceSSL/Instance.cpp | 153 |
1 files changed, 89 insertions, 64 deletions
diff --git a/cpp/src/IceSSL/Instance.cpp b/cpp/src/IceSSL/Instance.cpp
index 585620c1c58..c46d740cd5f 100644
--- a/cpp/src/IceSSL/Instance.cpp
+++ b/cpp/src/IceSSL/Instance.cpp
@@ -184,96 +184,121 @@ IceSSL::Instance::Instance(const CommunicatorPtr& communicator) : PropertiesPtr properties = communicator->getProperties(); // - // Create the mutexes and set the callbacks. + // The IceSSL.InitOpenSSL property specifies whether we should perform the global + // startup (and shutdown) tasks for the OpenSSL library. // - if(!locks) + // If an application uses multiple components that each depend on OpenSSL, the + // application should disable OpenSSL initialization in those components and + // perform the initialization itself. + // + _initOpenSSL = properties->getPropertyAsIntWithDefault("IceSSL.InitOpenSSL", 1) > 0; + if(_initOpenSSL) { - locks = new IceUtil::Mutex[CRYPTO_num_locks()]; - CRYPTO_set_locking_callback(IceSSL_opensslLockCallback); - CRYPTO_set_id_callback(IceSSL_opensslThreadIdCallback); - } + // + // Create the mutexes and set the callbacks. + // + if(!locks) + { + locks = new IceUtil::Mutex[CRYPTO_num_locks()]; + CRYPTO_set_locking_callback(IceSSL_opensslLockCallback); + CRYPTO_set_id_callback(IceSSL_opensslThreadIdCallback); + } - // - // Load human-readable error messages. - // - SSL_load_error_strings(); + // + // Load human-readable error messages. + // + SSL_load_error_strings(); - // - // Initialize the SSL library. - // - SSL_library_init(); + // + // Initialize the SSL library. + // + SSL_library_init(); - // - // This is necessary to allow programs that use OpenSSL 0.9.x to - // load private key files generated by OpenSSL 1.x. - // - OpenSSL_add_all_algorithms(); + // + // This is necessary to allow programs that use OpenSSL 0.9.x to + // load private key files generated by OpenSSL 1.x. + // + OpenSSL_add_all_algorithms(); - // - // Initialize the PRNG. - // + // + // Initialize the PRNG. + // #ifdef WINDOWS - RAND_screen(); // Uses data from the screen if possible. + RAND_screen(); // Uses data from the screen if possible. 
#endif - char randFile[1024]; - if(RAND_file_name(randFile, sizeof(randFile))) // Gets the name of a default seed file. - { - RAND_load_file(randFile, 1024); - } - string randFiles = Ice::nativeToUTF8(communicator, properties->getProperty("IceSSL.Random")); + char randFile[1024]; + if(RAND_file_name(randFile, sizeof(randFile))) // Gets the name of a default seed file. + { + RAND_load_file(randFile, 1024); + } + string randFiles = Ice::nativeToUTF8(communicator, properties->getProperty("IceSSL.Random")); - if(!randFiles.empty()) - { - vector<string> files; + if(!randFiles.empty()) + { + vector<string> files; #ifdef _WIN32 - const string sep = ";"; + const string sep = ";"; #else - const string sep = ":"; + const string sep = ":"; #endif - string defaultDir = Ice::nativeToUTF8(communicator, properties->getProperty("IceSSL.DefaultDir")); + string defaultDir = Ice::nativeToUTF8(communicator, properties->getProperty("IceSSL.DefaultDir")); - if(!IceUtilInternal::splitString(randFiles, sep, files)) - { - PluginInitializationException ex(__FILE__, __LINE__); - ex.reason = "IceSSL: invalid value for IceSSL.Random:\n" + randFiles; - throw ex; - } - for(vector<string>::iterator p = files.begin(); p != files.end(); ++p) - { - string file = *p; - if(!checkPath(file, defaultDir, false)) + if(!IceUtilInternal::splitString(randFiles, sep, files)) { PluginInitializationException ex(__FILE__, __LINE__); - ex.reason = "IceSSL: entropy data file not found:\n" + file; + ex.reason = "IceSSL: invalid value for IceSSL.Random:\n" + randFiles; throw ex; } - if(!RAND_load_file(file.c_str(), 1024)) + for(vector<string>::iterator p = files.begin(); p != files.end(); ++p) + { + string file = *p; + if(!checkPath(file, defaultDir, false)) + { + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = "IceSSL: entropy data file not found:\n" + file; + throw ex; + } + if(!RAND_load_file(file.c_str(), 1024)) + { + PluginInitializationException ex(__FILE__, __LINE__); + ex.reason = 
"IceSSL: unable to load entropy data from " + file; + throw ex; + } + } + } +#ifndef _WIN32 + // + // The Entropy Gathering Daemon (EGD) is not available on Windows. + // The file should be a Unix domain socket for the daemon. + // + string entropyDaemon = properties->getProperty("IceSSL.EntropyDaemon"); + if(!entropyDaemon.empty()) + { + if(RAND_egd(entropyDaemon.c_str()) <= 0) { PluginInitializationException ex(__FILE__, __LINE__); - ex.reason = "IceSSL: unable to load entropy data from " + file; + ex.reason = "IceSSL: EGD failure using file " + entropyDaemon; throw ex; } } +#endif + if(!RAND_status()) + { + communicator->getLogger()->warning("IceSSL: insufficient data to initialize PRNG"); + } } -#ifndef _WIN32 - // - // The Entropy Gathering Daemon (EGD) is not available on Windows. - // The file should be a Unix domain socket for the daemon. - // - string entropyDaemon = properties->getProperty("IceSSL.EntropyDaemon"); - if(!entropyDaemon.empty()) + else { - if(RAND_egd(entropyDaemon.c_str()) <= 0) + if(!properties->getProperty("IceSSL.Random").empty()) { - PluginInitializationException ex(__FILE__, __LINE__); - ex.reason = "IceSSL: EGD failure using file " + entropyDaemon; - throw ex; + _logger->warning("IceSSL: ignoring IceSSL.Random because OpenSSL initialization is disabled"); + } +#ifndef _WIN32 + else if(!properties->getProperty("IceSSL.EntropyDaemon").empty()) + { + _logger->warning("IceSSL: ignoring IceSSL.EntropyDaemon because OpenSSL initialization is disabled"); } - } #endif - if(!RAND_status()) - { - communicator->getLogger()->warning("IceSSL: insufficient data to initialize PRNG"); } } @@ -299,7 +324,7 @@ IceSSL::Instance::~Instance() // IceUtilInternal::MutexPtrLock<IceUtil::Mutex> sync(staticMutex); - if(--instanceCount == 0) + if(--instanceCount == 0 && _initOpenSSL) { // // NOTE: We can't destroy the locks here: threads which might have called openssl methods |
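Review bot: With IceSSL.InitOpenSSL set to 0 the `if(!RAND_status())` warning is skipped together with the seeding, so the plug-in no longer reports an unseeded PRNG in exactly the configuration where seeding has been handed to the application. The check only reads state, so it could sit after the `if(_initOpenSSL)`/`else` pair, e.g. `if(!RAND_status()) { _logger->warning("IceSSL: insufficient data to initialize PRNG"); }`, assuming the application has initialized OpenSSL before the communicator is created, as the new comment asks. In the `else` branch the `else if` on IceSSL.EntropyDaemon means only the IceSSL.Random warning is logged when both properties are set; a plain `if` would report each ignored property. That branch also uses `_logger` where the rest of the hunk uses `communicator->getLogger()`; the initializer list is outside the hunk, so confirm `_logger` is set by this point. The constructor starts before this hunk and continues past it.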
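Review bot: The shutdown condition `--instanceCount == 0 && _initOpenSSL` tests the flag of whichever instance happens to be destroyed last, while `instanceCount` and `locks` appear to be process-wide (they are guarded by `staticMutex` and shared across instances). If communicators in one process are configured with different IceSSL.InitOpenSSL values, the instance that installed the locking callbacks can be destroyed first, and the global teardown is then skipped because the last instance has the flag off. Recording in a file-level static that this library performed the initialization, set where `locks` is allocated, and testing it here, e.g. `if(--instanceCount == 0 && initializedOpenSSL)` (name is only a suggestion), would make the teardown independent of destruction order. The body of the `if` runs past the end of the hunk, so what the teardown releases is not visible here.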