cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: HTTP > HTTPS redirect with curl_global_init(CURL_GLOBAL_NOTHING) crashes

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 29 Jun 2016 09:21:28 +0200 (CEST)

On Tue, 28 Jun 2016, Ray Satiro via curl-library wrote:

> In the rare circumstance where you do your own Winsock and/or SSL
> initialization you may be able to skip using CURL_GLOBAL_WIN32 and/or
> CURL_GLOBAL_SSL. It's not recommended or documented how to do that safely in
> a way that meets libcurl's requirements of those libraries, which may
> change.

Yeah. These bits and these abilities were added back in the days when we
didn't have as many TLS backends (the sweet innocense of 2001!), so when I
learned that both OpenSSL and the winsock stuff want to get initialized only
once in a program I made it possible for programs that for some reason would
do its own TLS and/or winsock initializations outside of libcurl to tell
libcurl to skip those parts.

So setting it to CURL_GLOBAL_NOTHING doesn't mean that HTTPS shouldn't work,
it just means that the application took care of the TLS (and winsock) initing.

Of course, in modern days, an application would have to know quite a bit about
the specific libcurl instance it uses if it wants to init the TLS library
itself and it is probably very rare and a feature almost never used
(correctly). Then again, a vast majority of all libcurl users are using
OpenSSL so you could make some assumptions and probably get away with them for
a long time.

But the crashes part is interesting. What exactly crashes and how? We could
possibly try to work harder to avoid that even in a situation where this is
wrongly used.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html
Received on 2016-06-29