curl / Mailing Lists / curl-users / Single Mail


Re: What's the best practice for libcurl + openssl?

From: Ray Satiro <>
Date: Tue, 6 Nov 2018 01:12:39 -0500

On 11/5/2018 5:56 AM, ccwwl Wu wrote:
> In my application, I use libcurl for https, and directly using openssl
> for md5. So when I call curl_global_cleanup, this function will call
> EVP_cleanup which will clean all ssl environment, then md5 algorithm
> will be disabled. So what's the best practice for libcurl + openssl?
> The version of my libcurl is 7.60.

If libcurl is using OpenSSL as its SSL backend and you call
curl_global_cleanup then it will call OpenSSL cleanup functions. There
is no longer a way to opt-out of that, however you can either not call
curl_global_cleanup or possibly? you can re-initialize OpenSSL after
curl_global_cleanup or you can upgrade to OpenSSL 1.1.x. libcurl does
not call OpenSSL cleanup functions in OpenSSL 1.1+, and even if it did
those cleanup functions are now no-ops that exist just for compatibility
with previous versions.

In the future for libcurl questions please use the curl-library mailing
list instead of curl-users. [1]


Received on 2018-11-06