On 15 Sep 2016, at 14:53, Short, Todd <tsh...@akamai.com> wrote:
> We’ve discovered a bug in the libcurl documentation. The issue revolves 
> around curl_global_cleanup() that ends up calling 
> CRYPTO_cleanup_all_ex_data(). This OpenSSL function is meant to be called 
> only once, at program termination, as it cleans up data that leaves users of 
> ex_data in an inconsistent state. (tl;dr: ex_data index values are basically 
> reset, but are still held by application).
> At https://curl.haxx.se/libcurl/c/libcurl.html referring to 
> curl_global_init() and curl_global_cleanup():
> “You can call both of these multiple times, as long as all calls meet these 
> requirements and the number of calls to each is the same.”
> This statement is wrong, as curl_global_cleanup() cannot be called multiple 
> times due to CRYPTO_cleanup_all_ex_data().

Perhaps I am missing something here, but the curl_global_* functions maintain a 
counter so if the calls are nested, e.g. curl_global_init / curl_global_init / 
curl_global_cleanup / curl_global_cleanup, then only the last call to 
curl_global_cleanup() actually calls CRYPTO_cleanup_all_ex_data().  So all is 
well, no?

Or are you thinking of a scenario like curl_global_init / curl_global_cleanup 
... curl_global_init / curl_global_cleanup in which curl gets torn down and 
later re-inited?  And you're saying that Curl_ossl_init() (called by 
curl_global_init()) does not and/or cannot sufficiently reinitialise this data?


 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 

List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html

Reply via email to