Hacker News

cookiengineer, last Wednesday at 2:40 AM

> libcrypto no longer cleans up globally allocated data via atexit().

> OPENSSL_cleanup() now runs in a global destructor, or not at all by default.

Oh oh. Heartbleed 2.0 incoming.

I really do hope that they broke APIs specifically throwing errors or race conditions so that devs are forced to clean up. Otherwise this is going to be a nightmare to find out in terms of maintenance and audits.

I mean, it's a new major release, so it's a valid design change. But I hope they're thinking of providing a migration/update guide or a checklist to reduce usage errata.

(I'm heavily in favor of deprecating the fixed version method names)