On Thu, 15 Sep 2016, Short, Todd wrote:

We’ve discovered a bug in the libcurl documentation. The issue revolves around curl_global_cleanup() that ends up calling CRYPTO_cleanup_all_ex_data(). This OpenSSL function is meant to be called only once, at program termination, as it cleans up data that leaves users of ex_data in an inconsistent state. (tl;dr: ex_data index values are basically reset, but are still held by application).

Thanks for this. We've supported OpenSSL for 17 years or so by now and there are still new confusions reported regularly...

Can you clarify _where_ said limitation is documented by OpenSSL? I tried to find docs for this function, but failed. And also, shouldn't "ex_data index values are basically reset, but are still held by application" be considered an OpenSSL bug? What could possibly be the motivation for leaving it like that?

“You can call both of these multiple times, as long as all calls meet these requirements and the number of calls to each is the same.”

This statement is wrong, as curl_global_cleanup() cannot be called multiple times due to CRYPTO_cleanup_all_ex_data().

Apparently, yes.

If the intended use is as documented, then perhaps the CRYPTO_cleanup_all_ex_data() call should be removed from the library.

Then we would instead leak memory, right?

--

 / daniel.haxx.se
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html
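
A simplified model of the stale-index problem described in the report above, added here as an example and not taken from curl, OpenSSL or either author. The `registry_*` functions and owner names are hypothetical stand-ins, not OpenSSL's API; they only mimic the behaviour as the report states it (indexes reset by the global cleanup while callers keep their cached copies).

```c
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS 8

/* Toy registry standing in for a library-wide ex_data index table (assumption). */
static const char *slot_owner[MAX_SLOTS];
static int next_index = 0;

/* Hand out the next free index; callers typically cache it in a static. */
int registry_new_index(const char *owner) {
    if (next_index >= MAX_SLOTS) return -1;
    slot_owner[next_index] = owner;
    return next_index++;
}

/* Global cleanup: forgets every index but cannot reach copies cached by callers. */
void registry_cleanup_all(void) {
    memset(slot_owner, 0, sizeof slot_owner);
    next_index = 0;
}

/* Returns 1 if idx is still registered to owner, 0 if stale or reassigned. */
int index_valid_for(int idx, const char *owner) {
    return idx >= 0 && idx < next_index && slot_owner[idx] != NULL
        && strcmp(slot_owner[idx], owner) == 0;
}

/* Sequence from the thread: init, app caches an index, cleanup, init again.
   Returns 1 when the app's cached index now aliases another owner's slot. */
int stale_index_after_reinit(void) {
    registry_cleanup_all();                       /* start from a clean state */
    int app_idx = registry_new_index("app");      /* application caches this value */
    int ok_before = index_valid_for(app_idx, "app");
    registry_cleanup_all();                       /* first global cleanup */
    int lib_idx = registry_new_index("tls-lib");  /* second init cycle reuses slot 0 */
    int ok_after = index_valid_for(app_idx, "app");
    return ok_before && !ok_after && lib_idx == app_idx;
}

int main(void) {
    printf("cached index stale after re-init: %d\n", stale_index_after_reinit());
    return 0;
}
```

In this model the application's cached index is valid before the cleanup and points at a slot owned by someone else after the second init, which is the inconsistent state the report attributes to repeated init/cleanup cycles.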
