cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: libcurl documentation bug

From: Alex Bligh <alex_at_alex.org.uk>
Date: Fri, 16 Sep 2016 14:35:33 +0100

> On 16 Sep 2016, at 13:44, Short, Todd <tshort_at_akamai.com> wrote:
>
> The scenario I’m thinking of is:
>
> 1. initialize OpenSSL
> 2. use OpenSSL ex_data
> 3. curl_global_init();
> 4. use curl
> 5. curl_global_cleanup(); /* which calls CRYPTO_cleanup_all_ex_data() */
> 6. continue to use OpenSSL ex_data — error/crash

Unfortunately openssl is almost impossible to use correctly in libraries due
to its use of global variables.

Consider for a minute that there are two libraries, libfoo and libbar
that both use OpenSSL. The application does not itself use OpenSSL.
Both have cleanup routines. libfoo does not call libbar or
vice versa. Which one of these would you suggest calls
CRYPTO_cleanup_all_ex_data() ? Whichever you answer, that
library might be deinitialised first, and the other
library used subsequently in a manner that uses OpenSSL.
I vaguely recall being in that position and it it was the other
library's *deinit* which used OpenSSL (to deinit it), which
caused the issue.

Apart from having a 'stop talking to OpenSSL at all' call, I don't
see a way around this.

-- 
Alex Bligh
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html
Received on 2016-09-16