curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Questions regarding curl_easy with SSL and multi threaded

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 14 Mar 2017 16:14:15 +0100 (CET)

On Tue, 14 Mar 2017, Volker Schmid wrote:

> - In general, why is the callback needed? I found
> https://www.openssl.org/docs/man1.0.2/crypto/threads.html but the
> explanation is very basic and I do not know if it applies to me. What
> exactly is the mutex for? And what is to prevent? No SSL handshakes in
> multiple threads at the same time? Even with different curl handles? During
> the whole connection or during a specific functionality?

You're asking the wrong team that question. OpenSSL 1.0.X documents this
requirement and we help users become aware of this since we don't set the
callbacks within libcurl. We also know that users experience random crashes if
this isn't followed.

If you want to dig into exact specifics of *why* this is required, then I
think you should ask on an OpenSSL mailing list instead. My simple guess is
that they have globals somewhere that they need to mutex.

OpenSSL >= 1.1.0 doesn't have that requirement anymore though - they instead
moved to require pthreads and implement the locks themselves.

> - Why is libcurl not setting and using the OpenSSL callbacks if it is using
> the libs and it is obviously needed?

Originally because we really don't know what threading library/model/concept
your application is using so we can't actually blindly presume pthreads.

More recently I think we can agree to the fact that most systems pretty much
have united around specific threading systems so we *can* do this assumption
with a fairly good accuracy so now its more just the fact that nobody has
attempted/bothered to write the code to provide this feature. (You could be
the one who does it!)

In the 2016 curl user survey (see [1] page 20), around 8% of the respondends
claimed they'd be interested in such a thing to get implemented. But then 23%
also said they'd like a read()/write() API and when I announced my work on
that [2], there's been nothing but crickets indicating that 23% of users in
the survey isn't enough to make any noise so what does that make 8%? =B)

[1] = https://daniel.haxx.se/media/curl%20user%20poll%202016%20analysis.pdf
[2] =
https://daniel.haxx.se/blog/2016/04/24/fcurl-is-fread-and-friends-for-urls/

> - As I use libcurl by loading it from dll/so/dylib I wonder how I can use
> and set the callbacks for OpenSSL if I do not even have the OpenSSL library
> opened?

By dlopen'ing that as well?

> - I wonder about, how to deal with this if libcurl is not using OpenSSL (eg
> on Windows using schannel and whatever libcurl is using on Linux or MacOS)?

Only a subset of the TLS backends require mutex callbacks set. libcurl built
with schannel for example doesn't need any.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2017-03-14