cURL / Mailing Lists / curl-library / Single Mail


Re: libcurl documentation bug

From: Daniel Stenberg <>
Date: Thu, 15 Sep 2016 16:29:48 +0200 (CEST)

On Thu, 15 Sep 2016, Short, Todd wrote:

> We’ve discovered a bug in the libcurl documentation. The issue revolves
> around curl_global_cleanup() that ends up calling
> CRYPTO_cleanup_all_ex_data(). This OpenSSL function is meant to be called
> only once, at program termination, as it cleans up data that leaves users of
> ex_data in an inconsistent state. (tl;dr: ex_data index values are basically
> reset, but are still held by application).

Thanks for this. We've supported OpenSSL for 17 years or so by now and there
are still new confusions reported regularly...

Can you clarify _where_ said limitation is documented by OpenSSL? I tried to
find docs for this function, but failed. And also, shouldn't "ex_data index
values are basically reset, but are still held by application" be considered
an OpenSSL bug? What could possbily be the motivation for leaving it like

> “You can call both of these multiple times, as long as all calls meet these
> requirements and the number of calls to each is the same.”
> This statement is wrong, as curl_global_cleanup() cannot be called multiple
> times due to CRYPTO_cleanup_all_ex_data().

Apparently, yes.

> If the intended use is as documented, then perhaps the
> CRYTPO_cleanup_all_ex_data() call should be removed from the library.

Then we would instead leak memory, right?


List admin:
Received on 2016-09-15