cURL / Mailing Lists / curl-library / Single Mail


Re: HTTP > HTTPS redirect with curl_global_init(CURL_GLOBAL_NOTHING) crashes

From: Richard Gray <>
Date: Wed, 29 Jun 2016 09:39:56 -0400

Daniel Stenberg wrote:
> On Tue, 28 Jun 2016, Ray Satiro via curl-library wrote:
>> In the rare circumstance where you do your own Winsock and/or SSL
>> initialization you may be able to skip using CURL_GLOBAL_WIN32 and/or
>> CURL_GLOBAL_SSL. It's not recommended or documented how to do that safely in
>> a way that meets libcurl's requirements of those libraries, which may change.
> Yeah. These bits and these abilities were added back in the days when we
> didn't have as many TLS backends (the sweet innocense of 2001!), so when I
> learned that both OpenSSL and the winsock stuff want to get initialized only
> once in a program I made it possible for programs that for some reason would
> do its own TLS and/or winsock initializations outside of libcurl to tell
> libcurl to skip those parts.
> So setting it to CURL_GLOBAL_NOTHING doesn't mean that HTTPS shouldn't work,
> it just means that the application took care of the TLS (and winsock) initing.
> Of course, in modern days, an application would have to know quite a bit about
> the specific libcurl instance it uses if it wants to init the TLS library
> itself and it is probably very rare and a feature almost never used
> (correctly). Then again, a vast majority of all libcurl users are using
> OpenSSL so you could make some assumptions and probably get away with them for
> a long time.
> But the crashes part is interesting. What exactly crashes and how? We could
> possibly try to work harder to avoid that even in a situation where this is
> wrongly used.

My main thrust in bringing this up was documentation about SSL initialization
and whether or not libcurl should protect against SSL use when it hasn't been
initialized. Not a big deal, because I know I was screwing up.

static const long max_redirs = 5; /* follow up to n redirects */

    rtn = curl_global_init(CURL_GLOBAL_NOTHING); /* minimal */
// rtn = curl_global_init(CURL_GLOBAL_DEFAULT);
    if (rtn)
       efunc = "curl_global_init";
       mh = curl_multi_init();
       if (mh == NULL)
          efunc = "curl_multi_init()";
    if (*efunc)
       // LOG ERROR & FAIL

    // DEBUG OUT curl_version(), _info()

    // basic init of handle

    curl_easy_setopt(hs->eh, CURLOPT_VERBOSE, 1L);
    curl_easy_setopt(hs->eh, CURLOPT_PRIVATE, ses);
    curl_easy_setopt(hs->eh, CURLOPT_TIMEOUT, (long)HTTP_TIMEOUT);
    curl_easy_setopt(hs->eh, CURLOPT_NOSIGNAL, 1L); /* just in case */
    curl_easy_setopt(hs->eh, CURLOPT_WRITEFUNCTION, &wrt_callback);
    curl_easy_setopt(hs->eh, CURLOPT_WRITEDATA, ses);
    curl_easy_setopt(hs->eh, CURLOPT_FOLLOWLOCATION, (long)(max_redirs != 0L));
    curl_easy_setopt(hs->eh, CURLOPT_MAXREDIRS, max_redirs);
    curl_easy_setopt(hs->eh, CURLOPT_REDIR_PROTOCOLS,
                    (CURLPROTO_HTTP | CURLPROTO_HTTPS) );

    // init of individual scrape attempt

       cres = curl_easy_setopt(hs->eh, CURLOPT_URL, hs->url);
       if (cres != CURLE_OK)
          // error
       mres = curl_multi_add_handle(mh, hs->eh);
       if (mres != CURLM_OK)
         // error

curl_multi_perform is called off the main loop's select(), which is primarily
handling a boatload of SNMP (UDP) packet traffic.

Mix of my debug/logging and libcurl's:

init http scrape
  libcurl: libcurl/7.47.0 WinSSL WinIDN
  info age 3
  info ver 7.47.0
  info ver# 72f00
  info proto dict
  info proto file
  info proto ftp
  info proto ftps
  info proto gopher
  info proto http
  info proto https
  info proto imap
  info proto imaps
  info proto ldap
  info proto pop3
  info proto pop3s
  info proto rtsp
  info proto smb
  info proto smbs
  info proto smtp
  info proto smtps
  info proto telnet
  info proto tftp
  feature SSL
  entering main loop scrape target
  * Trying
--- 2 2 46 1 0
  * Connected to ( port 80 (#0)
> GET /ews/status/infomation.htm HTTP/1.1
Accept: */*

* HTTP 1.0, assume close after body
< HTTP/1.0 302 Found
< Location:
< Server: EWS-NIC4/13.11
< Connection: close
< Content-Type: text/html
* Closing connection 0
* Issue another request to this URL: '
* Trying
* Connected to ( port 443 (#1)
* schannel: SSL/TLS connection with port 443 (step 1/3)
* schannel: checking server certificate revocation

I was not running a debug version of libcurl (no symbols), so I pretty much
lose visibility at curl_multi_perform().

Without redirection enabled or with CURLPROTO_HTTPS out, the sequence safely
stops at the redirect.

As I said, I don't see this as a big deal and can't put a lot of time into it,
but I was curious.

Thanks Ray & Daniel!


List admin:
Received on 2016-06-29