curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: curl_version_info() thread-safety

From: Patrick Monnerat via curl-library <>
Date: Sun, 25 Sep 2022 01:48:07 +0200

On 9/24/22 23:07, Daniel Stenberg wrote:
> On Sat, 24 Sep 2022, Patrick Monnerat via curl-library wrote:
>> I just noticed curl_version_info() is not thread-safe when compiled
>> with multi-ssl backends because the HTTPS-proxy feature bit is
>> computed at run-time and may change between calls.
>> This is the case until the effective SSL backend is selected
>> (curl_global_sslset() or curl_global_init()).
> Except of course that curl_global_sslset is documented to:
>  "This function can only be used to select an SSL backend once, and it
> must be
>   called before curl_global_init."
> ... and if that is followed, how can it change?

#include <stdio.h>
#include "curl/curl.h"

   const curl_version_info_data *vid;

   vid = curl_version_info(CURLVERSION_NOW);
   printf("%08X\n", vid->features);
   curl_global_sslset(CURLSSLBACKEND_OPENSSL, NULL, NULL);
   printf("%08X\n", vid->features);

Result (with a MultiSSL library):


Of course, this is not a threaded program, but it shows data returned by
the first call is altered after the second.

Received on 2022-09-25