cURL / Mailing Lists / curl-library / Single Mail


Re: ssl thread safety

From: Daniel Stenberg <>
Date: Fri, 9 Nov 2007 22:39:26 +0100 (CET)

On Fri, 9 Nov 2007, wrote:

> I'm looking for some clarification of the thread-safety issues in openssl
> and libcurl. From what I can tell, you only need to write the thread-safty
> callbacks (locking_function and id_function) if multiple threads will access
> the SAME curl connection and only if that curl connection uses SSL.

Incorrect. If you use OpenSSL from more than one thread simultanouesly, you
need to set those callbacks. That's totally unrelated to what libcurl
connections that are used or not.

At least that's what I've come to learn. You really should ask this question
to the openssl team of you want the exact and in-depth answer. Or just read
their docs.

> Additionally, I'm using a precompiled curl library, the source of which,
> unfortunately, I don't remember, but I'm sure it was one of the links from
> the bottom of the download page at It includes libcurl.dll,
> libeay32.dll and ssleay32.dll.

I wasn't aware that anyone bundled the openssl libs with the libcurl one in
any such package.

> I'm assuming this is a standard distribution

There is no "standard distribution" of libcurl except for the source code
release that our project produces. All the binary packages made for all the
various platforms are made by individuals or teams outside of the project, for
the benefit of everyone. But the contents of the packages and how they're made
etc are not controlled by the curl project.

> so will this have been built with the necessary callbacks implemented that
> make openssl thread safe? Is there a way to tell?

These callbacks are never done by libcurl itself so I would say that you can
safely assume that no matter what libcurl you download, no OpenSSL mutex
callbacks are set.

  Commercial curl and libcurl Technical Support:
Received on 2007-11-09