On Thu, 15 Sep 2016, Short, Todd wrote:

> We’ve discovered a bug in the libcurl documentation. The issue revolves
> around curl_global_cleanup() that ends up calling
> CRYPTO_cleanup_all_ex_data(). This OpenSSL function is meant to be called
> only once, at program termination, as it cleans up data that leaves users of
> ex_data in an inconsistent state. (tl;dr: ex_data index values are basically
> reset, but are still held by application).

Thanks for this. We've supported OpenSSL for 17 years or so by now and there
are still new confusions reported regularly...

Can you clarify _where_ said limitation is documented by OpenSSL? I tried to
find docs for this function, but failed. And also, shouldn't "ex_data index
values are basically reset, but are still held by application" be considered
an OpenSSL bug? What could possbily be the motivation for leaving it like
that?

> “You can call both of these multiple times, as long as all calls meet these
> requirements and the number of calls to each is the same.”
>
> This statement is wrong, as curl_global_cleanup() cannot be called multiple
> times due to CRYPTO_cleanup_all_ex_data().

Apparently, yes.

> If the intended use is as documented, then perhaps the
> CRYTPO_cleanup_all_ex_data() call should be removed from the library.

Then we would instead leak memory, right?

-- 
  / daniel.haxx.se

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-09-15