> ------------------------------
>
> Message: 5
> Date: Thu, 14 Feb 2008 16:00:01 -0800
> From: Dan Fandrich <dan_at_coneharvesters.com>
> Subject: Re: curl_global_init
> To: curl-library_at_cool.haxx.se
> Message-ID: <20080215000001.GA28598_at_coneharvesters.com>
> Content-Type: text/plain; charset=us-ascii
>
> On Thu, Feb 14, 2008 at 06:23:45PM -0500, McGarvey, Kevin wrote:
> > Based on what you wrote, the documentation is incorrect.
> It says the
> > following:
> >
> > "You must not call it when any other thread in the program (i.e. a
> > thread sharing the same memory) is running. This doesn't
> just mean no
> > other thread that is using libcurl. Because curl_global_init() calls
> > functions of other libraries that are similarly thread
> unsafe, it could
> > conflict with any other thread that uses these other libraries."
> >
> > But what you are saying here is that the issue is confined
> to multiple
> > threads running curl_global_init.
>
> Not quite--multiple threads running curl_global_init are verboten, but
> so are multiple threads running any of the other
> non-thread-safe functions
> that curl_global_init itself calls (or potentially any other
> dependencies
> of those calls). So putting curl_global_init into a critical
> section isn't
> enough in the general case.
>
> For example, an app could spawn three threads, two of which call
> curl_global_init in a critical section (thereby preventing
> unsafe usage),
> but the third calling SSLeay_add_ssl_algorithms() which isn't
> protected
> (I'm assuming that's one of the non-thread-safe OpenSSL calls at issue
> here). That could mean that two threads call
> SSLeay_add_ssl_algorithms()
> simultaneously.
>
> > The scenario that Georg described is exactly what we are
> doing. We have
> > a C++ library that is plugged in to a Java Virtual Machine
> via JNI. We
> > can use a mutex to single-thread calls to curl_global_init,
> but we are
> > not the first thread running and there will be many threads
> running that
> > are not ours when we call curl_global_init.
> >
> > Are we OK as long as two threads don't call curl_global init
> > simultaneously?
>
> Not in the general case, but it might be in your specific
> case if you have
> control over the apps using your plug-in. But if you don't, and some
> user decides to use your curl plug-in and OpenSSL-Java in his
> app at the
> same time in different threads--boom!
>
> >>> Dan
> --

I looked into the topic of mutithreaded usage of OpenSSL and from what I
read, you have to call CRYPTO_set_locking_callback() and
CRYPTO_set_id_callback(). I searched the curl source and I see an
example program in /docs/examples/opensslthreadlock.c.

It seems that if we, or the host program does this, we would be safe.
Please comment.
Received on 2008-02-15