valgrind reporting multiple memory leaks with libtls

[TheTechsTech]

This was initial to report a much bigger memory leak report, but after reading #762 #704 #687 and #730 it seems to be a known issue with no real solution.

Using OPENSSL_cleanup() reduced it to the following:

valgrind -s --leak-check=full --show-leak-kinds=all ./example
==13514== Memcheck, a memory error detector
==13514== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==13514== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==13514== Command: ./example
==13514==
HTTP/1.0 200 OK
Date: Sun, 05 Oct 2025 18:30:53 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-zJrL9sfw63uri4JWt6c1jA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Accept-CH: Sec-CH-Prefers-Color-Scheme
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AaJma5uQAHJb-Pz6FK-qk1FvM64gbU3m2M7paKE-bSyQ2NDO5s11vxjuzT4; expires=Fri, 03-Apr-2026 18:30:53 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: NID=525=MVeXBL7kgOHxWV5MUV8N-CmH31FnsVwA6Q7LMZys-_m4jjfWSYptvRXB2YvhVcLQYOtQJTJuoA9nzSn9GpvDpMLvVWO8NnPeXMwlP3Frvnehr4yuFH2thBLBdXA5ejGdTW5Q6YpXnjWbTZaSrF2DzUrSdtsYUE9HXFC_Iwv_x1ce9X8rWHK9kU95mocbTWF5O5kwFuanGfJd_XnvsUvucK8; expires=Mon, 06-Apr-2026 18:30:53 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding

<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help

==13514== 
==13514== HEAP SUMMARY:
==13514==     in use at exit: 833 bytes in 5 blocks
==13514==   total heap usage: 3,208 allocs, 3,203 frees, 504,542 bytes allocated
==13514==
==13514== 17 bytes in 1 blocks are still reachable in loss record 1 of 5
==13514==    at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==13514==    by 0x48ED157: __vasprintf_internal (vasprintf.c:71)
==13514==    by 0x48C59E9: asprintf (asprintf.c:31)
==13514==    by 0x4916751: strerror_l (strerror_l.c:45)
==13514==    by 0x1BF9A1: err_build_SYS_str_reasons (err.c:499)
==13514==    by 0x1BFFDD: ERR_load_ERR_strings_internal (err.c:684)
==13514==    by 0x1C0E8C: ERR_load_crypto_strings_internal (err_all.c:104)
==13514==    by 0x48FEEE7: __pthread_once_slow (pthread_once.c:116)
==13514==    by 0x1C0F28: ERR_load_crypto_strings (err_all.c:149)
==13514==    by 0x18F438: OPENSSL_init_crypto_internal (crypto_init.c:53)
==13514==    by 0x48FEEE7: __pthread_once_slow (pthread_once.c:116)
==13514==    by 0x18F4C3: OPENSSL_init_crypto (crypto_init.c:67)
==13514==
==13514== 24 bytes in 1 blocks are still reachable in loss record 2 of 5
==13514==    at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==13514==    by 0x1D247C: lh_insert (lhash.c:273)
==13514==    by 0x1BF770: err_thread_set_item (err.c:422)
==13514==    by 0x1BFC5C: ERR_get_state (err.c:574)
==13514==    by 0x1C0331: ERR_clear_error (err.c:816)
==13514==    by 0x14131B: tls_handshake_client (tls_client.c:473)
==13514==    by 0x13FF63: tls_handshake (tls.c:854)
==13514==    by 0x140144: tls_write (tls.c:913)
==13514==    by 0x13BEDF: main (example.c:35)
==13514==
==13514== 72 bytes in 1 blocks are still reachable in loss record 3 of 5
==13514==    at 0x484DA83: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==13514==    by 0x1D2277: lh_new (lhash.c:212)
==13514==    by 0x1BF593: err_thread_get (err.c:369)
==13514==    by 0x1BF72B: err_thread_set_item (err.c:417)
==13514==    by 0x1BFC5C: ERR_get_state (err.c:574)
==13514==    by 0x1C0331: ERR_clear_error (err.c:816)
==13514==    by 0x14131B: tls_handshake_client (tls_client.c:473)
==13514==    by 0x13FF63: tls_handshake (tls.c:854)
==13514==    by 0x140144: tls_write (tls.c:913)
==13514==    by 0x13BEDF: main (example.c:35)
==13514==
==13514== 128 bytes in 1 blocks are still reachable in loss record 4 of 5
==13514==    at 0x484DA83: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==13514==    by 0x1D229B: lh_new (lhash.c:214)
==13514==    by 0x1BF593: err_thread_get (err.c:369)
==13514==    by 0x1BF72B: err_thread_set_item (err.c:417)
==13514==    by 0x1BFC5C: ERR_get_state (err.c:574)
==13514==    by 0x1C0331: ERR_clear_error (err.c:816)
==13514==    by 0x14131B: tls_handshake_client (tls_client.c:473)
==13514==    by 0x13FF63: tls_handshake (tls.c:854)
==13514==    by 0x140144: tls_write (tls.c:913)
==13514==    by 0x13BEDF: main (example.c:35)
==13514==
==13514== 592 bytes in 1 blocks are still reachable in loss record 5 of 5
==13514==    at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==13514==    by 0x1BFBAA: ERR_get_state (err.c:564)
==13514==    by 0x1C0331: ERR_clear_error (err.c:816)
==13514==    by 0x14131B: tls_handshake_client (tls_client.c:473)
==13514==    by 0x13FF63: tls_handshake (tls.c:854)
==13514==    by 0x140144: tls_write (tls.c:913)
==13514==    by 0x13BEDF: main (example.c:35)
==13514==
==13514== LEAK SUMMARY:
==13514==    definitely lost: 0 bytes in 0 blocks
==13514==    indirectly lost: 0 bytes in 0 blocks
==13514==      possibly lost: 0 bytes in 0 blocks
==13514==    still reachable: 833 bytes in 5 blocks
==13514==         suppressed: 0 bytes in 0 blocks
==13514==
==13514== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

The example:

#include <stdio.h>
#include <tls.h>
#include <openssl/crypto.h>

int main()
{
	struct tls *tls;
	struct tls_config *tls_config;
	ssize_t written, read;
	char buf[4096];

	if (tls_init() != 0) {
		fprintf(stderr, "tls_init failed");
		return 1;
	}

	if ((tls = tls_client()) == NULL)
		goto err;

	if ((tls_config = tls_config_new()) == NULL)
		goto err;

	if (tls_config_set_ciphers(tls_config, "compat") != 0)
		goto err;

	tls_config_insecure_noverifycert(tls_config);
	tls_config_insecure_noverifyname(tls_config);

	if (tls_configure(tls, tls_config) != 0)
		goto err;

	if (tls_connect(tls, "google.com", "443") != 0)
		goto err;

	if ((written = tls_write(tls, "GET /\r\n", 7)) < 0)
		goto err;

	if ((read = tls_read(tls, buf, sizeof(buf))) < 0)
		goto err;

	buf[read - 1] = '\0';
	puts(buf);

	if (tls_close(tls) != 0)
		goto err;

	tls_config_free(tls_config);
	tls_free(tls);

	OPENSSL_cleanup();
	return 0;

err:
	fprintf(stderr, "Error: %s\n", tls_error(tls));
	return 1;
}

I'm working on openTLS building your libtls only for the installed OpenSSL version, it's being used to develop c-asio.

Adding a atexit() routine for the never freed tls_config_default in tls.c solved my issue without using OPENSSL_cleanup.

The same example produces:

valgrind -s --leak-check=full --show-leak-kinds=all ./example

==6788== Memcheck, a memory error detector
==6788== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==6788== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==6788== Command: ./example
==6788==
HTTP/1.0 200 OK
Date: Sun, 05 Oct 2025 16:49:25 GMT
Expires: -1
...
...
...
...

==6788== 
==6788== HEAP SUMMARY:
==6788==     in use at exit: 0 bytes in 0 blocks
==6788==   total heap usage: 14,865 allocs, 14,865 frees, 2,158,115 bytes allocated
==6788==
==6788== All heap blocks were freed -- no leaks are possible
==6788==
==6788== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

[botovq]

I'm working on [openTLS](https://github.com/zelang-dev/openTLS) building your `libtls` **only** for the installed **OpenSSL** version, it's being used to develop [c-asio](https://github.com/zelang-dev/c-asio).

Many distros already provide libretls: https://git.causal.agency/libretls/about/

Adding a `atexit()` routine for the never freed `tls_config_default` in `tls.c` solved my issue without using `OPENSSL_cleanup`.

That's not going to happen in libtls. We might consider an API that cleans that up and that applications could install as an atexit handler if they choose to do so, but ultimately that's not my call to make.

[TheTechsTech]

I'm working on openTLS building your libtls only for the installed OpenSSL version, it's being used to develop c-asio.
Many distros already provide libretls:

https://git.causal.agency/libretls/about/

Yes they do, but none of them do any testing., nor any available for Windows. Also they would not pass the tlstest.c test, the report i show has atexit applied, bigger report otherwise. This started as a fork of https://git.causal.agency/libretls/about/, which is at 3.8.1 of libressl, Linux only, and doesn't use cmake.

Adding a atexit() routine for the never freed tls_config_default in tls.c solved my issue without using OPENSSL_cleanup.
That's not going to happen in libtls. We might consider an API that cleans that up and that applications could install as an atexit handler if they choose to do so, but ultimately that's not my call to make.

That's what I mean, "with no real solution."

[botovq]

We are open to helping you out in whichever way is acceptable for us, but I'm not sure what we could do in this case other than providing a tls_cleanup() API. If that's not a real solution for you then I guess you're right and there isn't any.

An atexit() handler installed by a library without explicit opt-in by applications is a recipe for disaster (go check the openssl and curl issue trackers), but maybe you didn't suggest that and just used it as a workaround to silence valgrind reports.

[TheTechsTech]

We are open to helping you out in whichever way is acceptable for us, but I'm not sure what we could do in this case other than providing a tls_cleanup() API. If that's not a real solution for you then I guess you're right and there isn't any.

An atexit() handler installed by a library without explicit opt-in by applications is a recipe for disaster (go check the openssl and curl issue trackers), but maybe you didn't suggest that and just used it as a workaround to silence valgrind reports.

You are misreading, I'm just reporting, not looking for any solution myself.

I guess you don't realize, in OpenSSL 1.1.0 onward does auto cleanup. see https://docs.openssl.org/1.1.1/man3/OPENSSL_init_crypto/#description it's been mentioned in openssl/openssl#11208. This is for other users calling libtls library directly.

The openTLS or libretls libraries using the actual OpenSSL version installed version, NO! libressl compatibility engine of OpenSSL involved. The reason i don't have multi memory leak issues.

I guess providing tls_cleanup() for your users would make sense, until OpenSSL 1.1.0 as stated in the readme.md is fully implemented.

By adding the following to tls.c, I get no issue with memory leaks in openTLS

static int tls_atexit_set = 0;
void tls_default_free(void) {
	if (tls_config_default != NULL) {
		free(tls_config_default->ecdhecurves);
		free(tls_config_default->keypair);
		free((void *)tls_config_default->ciphers);
		free(tls_config_default);
		tls_config_default = NULL;
	}
}

int
tls_init(void)
{
	static pthread_once_t once = PTHREAD_ONCE_INIT;

	if (!tls_atexit_set) {
		tls_atexit_set = 1;
		atexit(tls_default_free);
	}
	
	if (pthread_once(&once, tls_do_init) != 0)
		return -1;

	return tls_init_rv;
}

Anyway, your current tlstest.c test, using your engine, shows the following under valgrind, with no atexit installed.

**NOTE: I have added OPENSSL_cleanup(); to the test, otherwise be too long reading like are still reachable in loss record 8999 of 8999 **

valgrind -s --leak-check=full --show-leak-kinds=all ./tlstest ca-root-rsa.pem server1-rsa-chain.pem server1-rsa.pem
==907== Memcheck, a memory error detector
==907== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==907== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==907== Command: ./tlstest ca-root-rsa.pem server1-rsa-chain.pem server1-rsa.pem
==907==

== TLS tests ==
...
...
...
...

==907== 
==907== HEAP SUMMARY:
==907==     in use at exit: 1,601 bytes in 10 blocks
==907==   total heap usage: 36,945 allocs, 36,935 frees, 9,400,420 bytes allocated
==907==
==907== 12 bytes in 1 blocks are still reachable in loss record 1 of 10
==907==    at 0x484DCD3: realloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==907==    by 0x144FD3: tls_config_set_ecdhecurves (tls_config.c:609)
==907==    by 0x143EE4: tls_config_new_internal (tls_config.c:116)
==907==    by 0x140834: tls_do_init (tls.c:50)
==907==    by 0x48FEEE7: __pthread_once_slow (pthread_once.c:116)
==907==    by 0x14088A: tls_init (tls.c:63)
==907==    by 0x142ABD: tls_client (tls_client.c:42)
==907==    by 0x13DC5E: do_tls_tests (tlstest.c:357)
==907==    by 0x13E4E9: main (tlstest.c:550)
==907==
==907== 17 bytes in 1 blocks are still reachable in loss record 2 of 10
==907==    at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==907==    by 0x48ED157: __vasprintf_internal (vasprintf.c:71)
==907==    by 0x48C59E9: asprintf (asprintf.c:31)
==907==    by 0x4916751: strerror_l (strerror_l.c:45)
==907==    by 0x1C2096: err_build_SYS_str_reasons (err.c:499)
==907==    by 0x1C26D2: ERR_load_ERR_strings_internal (err.c:684)
==907==    by 0x1C3581: ERR_load_crypto_strings_internal (err_all.c:104)
==907==    by 0x48FEEE7: __pthread_once_slow (pthread_once.c:116)
==907==    by 0x1C361D: ERR_load_crypto_strings (err_all.c:149)
==907==    by 0x191B2D: OPENSSL_init_crypto_internal (crypto_init.c:53)
==907==    by 0x48FEEE7: __pthread_once_slow (pthread_once.c:116)
==907==    by 0x191BB8: OPENSSL_init_crypto (crypto_init.c:67)
==907==
==907== 24 bytes in 1 blocks are still reachable in loss record 3 of 10
==907==    at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==907==    by 0x1D4B71: lh_insert (lhash.c:273)
==907==    by 0x1C1E65: err_thread_set_item (err.c:422)
==907==    by 0x1C2351: ERR_get_state (err.c:574)
==907==    by 0x1C2BB4: ERR_put_error (err.c:852)
==907==    by 0x1E432F: PEM_read_bio (pem_lib.c:699)
==907==    by 0x1E2E12: PEM_bytes_read_bio (pem_lib.c:289)
==907==    by 0x1E4CE5: PEM_ASN1_read_bio (pem_oth.c:79)
==907==    by 0x1E57CC: PEM_read_bio_X509 (pem_x509.c:87)
==907==    by 0x15D241: ssl_use_certificate_chain_bio (ssl_rsa.c:699)
==907==    by 0x15D44B: SSL_CTX_use_certificate_chain_mem (ssl_rsa.c:771)
==907==    by 0x141A0A: tls_configure_ssl_keypair (tls.c:499)
==907==
==907== 44 bytes in 1 blocks are still reachable in loss record 4 of 10
==907==    at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==907==    by 0x490D58E: strdup (strdup.c:42)
==907==    by 0x14999C: tls_set_string (tls_util.c:61)
==907==    by 0x144C26: tls_config_set_ciphers (tls_config.c:511)
==907==    by 0x143F02: tls_config_new_internal (tls_config.c:118)
==907==    by 0x140834: tls_do_init (tls.c:50)
==907==    by 0x48FEEE7: __pthread_once_slow (pthread_once.c:116)
==907==    by 0x14088A: tls_init (tls.c:63)
==907==    by 0x142ABD: tls_client (tls_client.c:42)
==907==    by 0x13DC5E: do_tls_tests (tlstest.c:357)
==907==    by 0x13E4E9: main (tlstest.c:550)
==907==
==907== 64 bytes in 1 blocks are still reachable in loss record 5 of 10
==907==    at 0x484DA83: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==907==    by 0x146813: tls_keypair_new (tls_keypair.c:29)
==907==    by 0x143E91: tls_config_new_internal (tls_config.c:108)
==907==    by 0x140834: tls_do_init (tls.c:50)
==907==    by 0x48FEEE7: __pthread_once_slow (pthread_once.c:116)
==907==    by 0x14088A: tls_init (tls.c:63)
==907==    by 0x142ABD: tls_client (tls_client.c:42)
==907==    by 0x13DC5E: do_tls_tests (tlstest.c:357)
==907==    by 0x13E4E9: main (tlstest.c:550)
==907==
==907== 72 bytes in 1 blocks are still reachable in loss record 6 of 10
==907==    at 0x484DA83: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==907==    by 0x1D496C: lh_new (lhash.c:212)
==907==    by 0x1C1C88: err_thread_get (err.c:369)
==907==    by 0x1C1E20: err_thread_set_item (err.c:417)
==907==    by 0x1C2351: ERR_get_state (err.c:574)
==907==    by 0x1C2BB4: ERR_put_error (err.c:852)
==907==    by 0x1E432F: PEM_read_bio (pem_lib.c:699)
==907==    by 0x1E2E12: PEM_bytes_read_bio (pem_lib.c:289)
==907==    by 0x1E4CE5: PEM_ASN1_read_bio (pem_oth.c:79)
==907==    by 0x1E57CC: PEM_read_bio_X509 (pem_x509.c:87)
==907==    by 0x15D241: ssl_use_certificate_chain_bio (ssl_rsa.c:699)
==907==    by 0x15D44B: SSL_CTX_use_certificate_chain_mem (ssl_rsa.c:771)
==907==
==907== 80 bytes in 1 blocks are still reachable in loss record 7 of 10
==907==    at 0x484DA83: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==907==    by 0x1A255B: BIO_meth_new (bio_meth.c:29)
==907==    by 0x14A9AE: bio_cb_method_init (tls_bio_cb.c:45)
==907==    by 0x14AA55: bio_s_cb (tls_bio_cb.c:64)
==907==    by 0x14AD08: tls_set_cbs (tls_bio_cb.c:154)
==907==    by 0x147B49: tls_accept_cbs (tls_server.c:445)
==907==    by 0x13D4F5: test_tls_cbs (tlstest.c:223)
==907==    by 0x13DE41: do_tls_tests (tlstest.c:380)
==907==    by 0x13E4E9: main (tlstest.c:550)
==907==
==907== 128 bytes in 1 blocks are still reachable in loss record 8 of 10
==907==    at 0x484DA83: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==907==    by 0x1D4990: lh_new (lhash.c:214)
==907==    by 0x1C1C88: err_thread_get (err.c:369)
==907==    by 0x1C1E20: err_thread_set_item (err.c:417)
==907==    by 0x1C2351: ERR_get_state (err.c:574)
==907==    by 0x1C2BB4: ERR_put_error (err.c:852)
==907==    by 0x1E432F: PEM_read_bio (pem_lib.c:699)
==907==    by 0x1E2E12: PEM_bytes_read_bio (pem_lib.c:289)
==907==    by 0x1E4CE5: PEM_ASN1_read_bio (pem_oth.c:79)
==907==    by 0x1E57CC: PEM_read_bio_X509 (pem_x509.c:87)
==907==    by 0x15D241: ssl_use_certificate_chain_bio (ssl_rsa.c:699)
==907==    by 0x15D44B: SSL_CTX_use_certificate_chain_mem (ssl_rsa.c:771)
==907==
==907== 568 bytes in 1 blocks are still reachable in loss record 9 of 10
==907==    at 0x484DA83: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==907==    by 0x143E41: tls_config_new_internal (tls_config.c:99)
==907==    by 0x140834: tls_do_init (tls.c:50)
==907==    by 0x48FEEE7: __pthread_once_slow (pthread_once.c:116)
==907==    by 0x14088A: tls_init (tls.c:63)
==907==    by 0x142ABD: tls_client (tls_client.c:42)
==907==    by 0x13DC5E: do_tls_tests (tlstest.c:357)
==907==    by 0x13E4E9: main (tlstest.c:550)
==907==
==907== 592 bytes in 1 blocks are still reachable in loss record 10 of 10
==907==    at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==907==    by 0x1C229F: ERR_get_state (err.c:564)
==907==    by 0x1C2BB4: ERR_put_error (err.c:852)
==907==    by 0x1E432F: PEM_read_bio (pem_lib.c:699)
==907==    by 0x1E2E12: PEM_bytes_read_bio (pem_lib.c:289)
==907==    by 0x1E4CE5: PEM_ASN1_read_bio (pem_oth.c:79)
==907==    by 0x1E57CC: PEM_read_bio_X509 (pem_x509.c:87)
==907==    by 0x15D241: ssl_use_certificate_chain_bio (ssl_rsa.c:699)
==907==    by 0x15D44B: SSL_CTX_use_certificate_chain_mem (ssl_rsa.c:771)
==907==    by 0x141A0A: tls_configure_ssl_keypair (tls.c:499)
==907==    by 0x14749B: tls_configure_server_ssl (tls_server.c:257)
==907==    by 0x1478D3: tls_configure_server (tls_server.c:357)
==907==
==907== LEAK SUMMARY:
==907==    definitely lost: 0 bytes in 0 blocks
==907==    indirectly lost: 0 bytes in 0 blocks
==907==      possibly lost: 0 bytes in 0 blocks
==907==    still reachable: 1,601 bytes in 10 blocks
==907==         suppressed: 0 bytes in 0 blocks
==907==
==907== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)

[botovq]

I am well aware of the atexit handler that OpenSSL installs and also that it has caused numerous issues over the years. I cautioned you against using that approach and suggested that we work on a solution that has a chance of working. Apparently you are not interested.

Here's one example among many: pyca/cryptography#10368

[TheTechsTech]

There are multiple problems with all your replies, the issue has nothing to do with the code.

The thing about providing conveniences, something the user no longer needs to be concern with. Who is in charge at that point? They gloss over all the many nuances that involve.

The linked issue with Python, is they not understanding the nature of that. They should have not upgraded. It is clear to me, libressl is not at OpenSSL 1.1.0 yet.

What I reported here, calling OPENSSL_cleanup will not resolve it, nor creating a function to cleanup libtls conveniences, a separate thing too.

There are multiple ways to detect or set the behavior of any function. Seems openssl/openssl#17469 (comment) and openssl/openssl#25294 don't get that. You can't get there just copying.

You know, there there is a big difference in people calling themselves a programmer compared to developer, not interchangeable. One is represented by a one-way arrow, a small aspect, a user, a follower, a copy. Do as told, do as instructed. A.I. will do away with them.