curl / Mailing Lists / curl-library / Single Mail


Re: Do you switch off CURL_GLOBAL_SSL and why?

From: Daniel Stenberg <>
Date: Mon, 27 Nov 2017 10:38:48 +0100 (CET)

On Fri, 17 Nov 2017, Daniel Stenberg wrote:

> Nowadays though. Is anything or anyone using this feature (disabling
> CURL_GLOBAL_SSL) for a good purpose and if so, can you please elaborate on
> why and how? (I don't think "I won't use any TLS protocols" is a good
> reason.)


Me and Ray have discussed this topic back and forth extensively on github in
several PRs. We still disagree on the best approach to proceed from here, but
as we have a release coming in less than 48 hours I had to make a decision so
that we at least fix the current bugs at hand.

This morning I landed PR #2107 as commit d661b0afb. It makes libcurl ignore
CURL_GLOBAL_SSL. It becomes a no-op. libcurl will now always initialize the
TLS library stuff and all the relevant TLS internals if built with TLS

The risk: that there's actually a legitimate user somewhere out there who
disables the libcurl SSL init for a good reason and that now will suffer from
some obscure problems. I do however think that if there is such a user, they
should get problems early and immediately. I estimate the risk for this to be
very small.

The backup approach: should the risk turn out real and my estimate be crap (it
has happened before! :-O), the plan is to then backpedal and go with #2112 [*]

[*] =

Received on 2017-11-27