Dev news

Commit 0267e86f76 for openssl.org

commit 0267e86f76e3106dd0976260e47cc345d250d57f
Author: Ethan <sandersclanfam@gmail.com>
Date:   Fri Mar 27 15:15:52 2026 -0400

    doc: updates no-pinshared description

    The current documentation heavily references the now removed
    `atexit()` handlers. This updates the description to better reflect
    it's current utility (removal of `-Wl,-znodelete` linker flags on
    Linux and Hurd).

    Fixes #30586

    Reviewed-by: Richard Levitte <levitte@openssl.org>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    Reviewed-by: Saša Nedvědický <sashan@openssl.org>
    MergeDate: Sat Apr 11 19:44:00 2026
    (Merged from https://github.com/openssl/openssl/pull/30606)

diff --git a/INSTALL.md b/INSTALL.md
index 43408b1c98..08ba4baa6d 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -912,17 +912,17 @@ Build with support for Position Independent Execution.

 Don't pin the shared libraries.

-By default OpenSSL will attempt to stay in memory until the process exits.
-This is so that libcrypto and libssl can be properly cleaned up automatically
-via an `atexit()` handler.  The handler is registered by libcrypto and cleans
-up both libraries.  On some platforms the `atexit()` handler will run on unload of
-libcrypto (if it has been dynamically loaded) rather than at process exit.
-
-This option can be used to stop OpenSSL from attempting to stay in memory until the
-process exits.  This could lead to crashes if either libcrypto or libssl have
-already been unloaded at the point that the atexit handler is invoked, e.g.  on a
-platform which calls `atexit()` on unload of the library, and libssl is unloaded
-before libcrypto then a crash is likely to happen.
+By default, on supported platforms (such as Linux and GNU Hurd), OpenSSL
+is built with linker options (e.g., `-Wl,-znodelete`) that prevent the
+operating system from unloading the libcrypto and libssl shared libraries
+from memory, even if the application explicitly unloads them using
+`dlclose()`. On platforms that do not support these options, this feature
+is disabled by default.
+
+This option prevents the addition of those linker flags, allowing the
+shared libraries to be completely unloaded from the process address space.
+This is useful for applications that dynamically load and unload OpenSSL
+plugins to conserve memory.

 Note that shared library pinning is not automatically disabled for static builds,
 i.e., `no-shared` does not imply `no-pinshared`. This may come as a surprise when
@@ -930,10 +930,6 @@ linking libcrypto statically into a shared third-party library, because in this
 case the shared library will be pinned. To prevent this behaviour, you need to
 configure the static build using `no-shared` and `no-pinshared` together.

-Applications can suppress running of the `atexit()` handler at run time by
-using the `OPENSSL_INIT_NO_ATEXIT` option to `OPENSSL_init_crypto()`.
-See the man page for it for further details.
-
 ### no-posix-io

 Don't use POSIX IO capabilities.