Hello curl-library:

We’ve discovered a bug in the libcurl documentation. The issue revolves around curl_global_cleanup() that ends up calling CRYPTO_cleanup_all_ex_data(). This OpenSSL function is meant to be called only once, at program termination, as it cleans up data that leaves users of ex_data in an inconsistent state. (tl;dr: ex_data index values are basically reset, but are still held by application).

At https://curl.haxx.se/libcurl/c/libcurl.html referring to curl_global_init() and curl_global_cleanup():

“You can call both of these multiple times, as long as all calls meet these requirements and the number of calls to each is the same.”

This statement is wrong, as curl_global_cleanup() cannot be called multiple times due to CRYPTO_cleanup_all_ex_data().

At: https://curl.haxx.se/libcurl/c/curl_global_init.html:

“This function must be called at least once within a program (a program is all the code that shares a memory space) before the program calls any other function in libcurl. The environment it sets up is constant for the life of the program and is the same for every program, so multiple calls have the same effect as one call.”

Since curl_global_cleanup() can only be called once, then curl_global_init() should only be called once.

If the intended use is as documented, then perhaps the CRYTPO_cleanup_all_ex_data() call should be removed from the library.

Note: this only applies to OpenSSL 1.0.x.

--
-Todd Short
// tshort_at_akamai.com<mailto:tshort_at_akamai.com>
// "One if by land, two if by sea, three if by the Internet."

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-09-15