On 9/10/2019 6:08 AM, Daniel Polski via curl-library wrote:
curl 7.65.3
openssl 1.1.1b
I'm still hunting for the crash bug in my application and found
something interesting: "old SSL session ID is stale, removing" (marked
"<-- this row") is reported twice about the same time in the verbose
curl output below.
Are 2 threads trying to remove the same session without locking? As
far as I understand from openssl.c that should be prevented by the
call to Curl_ssl_sessionid_lock(conn)?
I setup a share which I initialize once with:
CURLSH *sslShare;
sslShare = curl_share_init();
curl_share_setopt(sslShare, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);
and then different threads call a function which in turn set it like
this before calling curl_easy_perform:
CURL *curl = curl_easy_init();
(...)
curl_easy_setopt(curl, CURLOPT_SHARE, ?????? ?????? ?????? sslShare);
res = curl_easy_perform(curl);
Should that be enough for session share protection, or do I also have
to configure own locking similar to this:
curl_share_setopt(sslShare, CURLSHOPT_LOCKFUNC, a_lock_cb);
curl_share_setopt(sslShare, CURLSHOPT_UNLOCKFUNC, an_unlock_cb);
Refer to CURLOPT_SHARE [1], curl_share_setopt [2] and thread safety
guidelines [3]. Excerpt from CURLOPT_SHARE:
"If the curl handles are used simultaneously in multiple threads, you
MUST use the locking methods in the share handle. See curl_share_setopt
for details."
[1]: https://curl.haxx.se/libcurl/c/CURLOPT_SHARE.html
[2]: https://curl.haxx.se/libcurl/c/curl_share_setopt.html
[3]: https://curl.haxx.se/libcurl/c/threadsafe.html
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
