Re: curl_easy_perform() crash (more info)

On 9/10/2019 6:08 AM, Daniel Polski via curl-library wrote:
> curl 7.65.3
> openssl 1.1.1b
>
> I'm still hunting for the crash bug in my application and found
> something interesting: "old SSL session ID is stale, removing" (marked
> "<-- this row") is reported twice about the same time in the verbose
> curl output below.
>
> Are 2 threads trying to remove the same session without locking? As
> far as I understand from openssl.c that should be prevented by the
> call to Curl_ssl_sessionid_lock(conn)?
>
> I setup a share which I initialize once with:
> CURLSH *sslShare;
> sslShare = curl_share_init();
> curl_share_setopt(sslShare, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
>
> and then different threads call a function which in turn set it like
> this before calling curl_easy_perform:
> CURL *curl = curl_easy_init();
> (...)
> curl_easy_setopt(curl, CURLOPT_SHARE, ?????? ?????? ?????? sslShare);
> res = curl_easy_perform(curl);
>
>
> Should that be enough for session share protection, or do I also have
> to configure own locking similar to this:
> curl_share_setopt(sslShare, CURLSHOPT_LOCKFUNC, a_lock_cb);
> curl_share_setopt(sslShare, CURLSHOPT_UNLOCKFUNC, an_unlock_cb);

Refer to CURLOPT_SHARE [1], curl_share_setopt [2] and thread safety
guidelines [3]. Excerpt from CURLOPT_SHARE:

"If the curl handles are used simultaneously in multiple threads, you
MUST use the locking methods in the share handle. See curl_share_setopt
for details."

[1]: https://curl.haxx.se/libcurl/c/CURLOPT_SHARE.html
[2]: https://curl.haxx.se/libcurl/c/curl_share_setopt.html
[3]: https://curl.haxx.se/libcurl/c/threadsafe.html

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-09-13