Disable atexit hook for OpenSSL by thevar1able · Pull Request #80138 · ClickHouse/ClickHouse

thevar1able · 2025-05-12T21:57:53Z

Changelog category (leave one):

Not for changelog (changelog entry is not required)

clickhouse-gh · 2025-05-12T21:58:19Z

Workflow [PR], commit [1eac616]

rschu1ze · 2025-05-13T07:37:01Z

src/Common/Crypto/OpenSSLInitializer.cpp

 #if USE_SSL
    if (ref_count++ == 0)
    {
+        // Disable OpenSSL atexit hook.


If I read #80132 correctly, then we crashed when the atexit handler is installed, not when it runs at the end of the program. Also, https://docs.openssl.org/3.2/man3/OPENSSL_init_crypto/#description says that `OPENSSL_INIT_NO_ATEXIT By default OpenSSL will attempt to clean itself up when the process exits via an "atexit" handler. Using this option suppresses that behaviour. This means that the application will have to clean up OpenSSL explicitly using OPENSSL_cleanup().

My question is if we should call OPENSSL_cleanup in the dtor?

Should we cleanup on shutdown?

OPENSSL_cleanup can be called only once according to their docs, so yes: we ideally call it during database shutdown and not here (dtor).

azat · 2025-05-29T13:27:48Z

BTW shouldn't we backport? I.e. here it fails for 25.5 - https://s3.amazonaws.com/clickhouse-test-reports/PRs/80987/7a563403d26f031052dd036de570ccbc3bd9262a//integration_tests_tsan_1_6/integration_run_test_host_regexp_multiple_ptr_records_test_py_0.log

Disable atexit hook for OpenSSL

1eac616

thevar1able assigned rschu1ze May 12, 2025

clickhouse-gh bot added the pr-not-for-changelog This PR should not be mentioned in the changelog label May 12, 2025

alexey-milovidov approved these changes May 12, 2025

View reviewed changes

alexey-milovidov self-assigned this May 12, 2025

thevar1able enabled auto-merge May 13, 2025 02:08

thevar1able added this pull request to the merge queue May 13, 2025

Merged via the queue into master with commit 4a23e77 May 13, 2025
120 checks passed

thevar1able deleted the openssl-no-atexit branch May 13, 2025 02:20

robot-clickhouse-ci-2 added the pr-synced-to-cloud The PR is synced to the cloud repo label May 13, 2025

rschu1ze reviewed May 13, 2025

View reviewed changes

rschu1ze mentioned this pull request May 13, 2025

Fix spammy log messages from "CgroupsReader" #80129

Merged

thevar1able mentioned this pull request May 16, 2025

Explicit OpenSSL cleanup #80332

Merged

CheSema mentioned this pull request May 16, 2025

Revert "Revert "rework pushing to views #77309"" #79963

Merged

1 task

thevar1able added the v25.5-must-backport label May 30, 2025

robot-clickhouse added the pr-backports-created Backport PRs are successfully created, it won't be processed by CI script anymore label May 30, 2025

alesapin mentioned this pull request Jun 4, 2025

Backport #80975 to 25.5: Make iceberg history to work with catalogs #81179

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Disable atexit hook for OpenSSL#80138

Disable atexit hook for OpenSSL#80138
thevar1able merged 1 commit intomasterfrom
openssl-no-atexit

thevar1able commented May 12, 2025

Uh oh!

clickhouse-gh bot commented May 12, 2025

Uh oh!

Uh oh!

rschu1ze May 13, 2025

Uh oh!

thevar1able May 13, 2025

Uh oh!

rschu1ze May 13, 2025

Uh oh!

azat commented May 29, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Conversation

thevar1able commented May 12, 2025

Changelog category (leave one):

Uh oh!

clickhouse-gh bot commented May 12, 2025

Uh oh!

Uh oh!

rschu1ze May 13, 2025

Choose a reason for hiding this comment

Uh oh!

thevar1able May 13, 2025

Choose a reason for hiding this comment

Uh oh!

rschu1ze May 13, 2025

Choose a reason for hiding this comment

Uh oh!

azat commented May 29, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants