On Tue, 6 Apr 2010, Christopher R. Palmer wrote:

> I am experiencing a crash while using libcurl to access secure sites in
> multiple threads. I've registered the locking function for openssl as
> per the docs.
>
> The two threads are calling curl_multi_perform and end up crashing in
> pbe_cmp after going through PKCS12_parse
>
> Putting a lock around cert_stuff in ssluse.c eliminates the crash.
>
> Can anyone point me in the right direction?

To me this smells like one of two things:

1 - An OpenSSL bug. Are you using an up to date openssl version?

2 - A flaw in the way libcurl uses the OpenSSL API. It has happened before,
and the only good way to find out is to re-read the OpenSSL docs and if
possible, try to repeat the problem with a smallish example so that a question
can be posted to the OpenSSL guys about it.

I'm not aware of anything within cert_stuff() that libcurl itself does which
isn't thread-safe, at least if you're using a recent enough version of OpenSSL
that has the SSL_CTX_set_default_passwd_cb_userdata() function.

Since you already have a lock for testing, you could try to move it to just
around specific OpenSSL functions to attempt to narrow it down. Like for
example the PKCS12_parse() invoke.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html