On Wed, Aug 28, 2019 at 01:04:25AM +0000, ryan@openldap.org wrote:
The GnuTLS documentation states:
    "Do not call this function from a library, or preferably from any application unless really needed to."
I disobeyed that guidance in commit 829027945, because I wasn't sure that GnuTLS's own threading support would cover all the platforms libldap does. This choice caused some bugs, e.g. https://bugs.debian.org/803197 and https://www.openldap.org/its/?findid=8797.
I don't know how to find out for sure whether anyone builds libldap with GnuTLS on a system where it lacks native mutexes. I think at this point I would rather fix the known broken cases, over the risk of potentially breaking a theoretical setup I'm not sure actually exists.
Therefore: I now propose applying this change for 2.5.
A similar change (making tlso_thr_init a no-op) has been introduced in ITS#8533 when compiling with OpenSSL 1.1.0+, so I gather it should be fine for GnuTLS as well.
Regards,