GnuTLS initialization thread safety
Date: Sat, 14 Feb 2009 01:40:36 -0800
The main initialization entry point Curl_gtls_init() is called by
curl_global_init(), which is guaranteed to be executed before any threads
have started in the system. However, it has this comment:
/* Unfortunately we can not init here, things like curl --version will
* fail to work if there is no egd socket available because libgcrypt
* will EXIT the application!!
* By doing the actual init later (before actually trying to use GnuTLS),
* we can at least provide basic info etc.
and the function itself is empty. Sure enough, the GnuTLS init function
gnutls_global_init() is actually called as a TLS session is created,
which would ultimately be within curl_easy_perform(). That init code
uses a global variable which is suspiciously thread-unsafe; it could
only be safe if gnutls_global_init() is itself thread safe, but the GnuTLS
documentation says explicitly the opposite--that it is not.
I don't see any solution other than moving the call to gnutls_global_init()
back into the only safe place, namely curl_global_init(). The problem
with curl --version failing would have to be dealt with some other way,
perhaps by making --version a special case and skipping the global init
when it is given.
-- http://www.MoveAnnouncer.com The web change of address service Let webmasters know that your web site has movedReceived on 2009-02-14