Hello again,

On Thu, Apr 30, 2009 at 12:10 AM, Daniel Stenberg <[email protected]> wrote:

> On Wed, 29 Apr 2009, Matt Veenstra wrote:
>
>  Removing the seed call (which I assume is used for the salt) solves the
>> crash.  Should the seed be set in curl_global_init()?
>>
>
> I find no OpenSSL docs that claim those random functions aren't thread-safe
> so it seems thet should be possible to use like this. Although I think that
> if the problem persists it might be a good idea to take it up with the
> OpenSSL devs as welll to see if they have anything wise to add to this.
>
> The seed cannot easily be set in curl_global_init() mostly due to how our
> API is: it features several options that influence the seeding and they are
> set on a per-easy handle basis.
>
> I would also suggest that you try with a very recent libcurl as well to see
> if that too repeats the problem just to make sure you're not hunting ghosts!
>

I finally had the time to rebuild and try with the most recent stable
versions and the crash still exists.

I am using libcurl 7.19.4 and openssl 0.9.8k.  The crash still happens.

Does libcurl have any simple global lock/mutex we can wrap around these
calls as a fix?  They do not take very long and in a perfect world would
only be called once per thread.  My fix today is to NOT seed OpenSSL.  I do
this by modifying libcurl.  I of course could write my own very simple lock
as well.

I will also start a conversation with the openssl list.

Thanks for any other ideas,
Matt

Reply via email to