On Tue, 6 Apr 2010, Christopher R. Palmer wrote:
I am experiencing a crash while using libcurl to access secure sites in
multiple threads. I've registered the locking function for openssl as
per the docs.
The two threads are calling curl_multi_perform and end up crashing in
pbe_cmp after going through PKCS12_parse
Putting a lock around cert_stuff in ssluse.c eliminates the crash.
Can anyone point me in the right direction?
To me this smells like one of two things:
1 - An OpenSSL bug. Are you using an up to date openssl version?
2 - A flaw in the way libcurl uses the OpenSSL API. It has happened before,
and the only good way to find out is to re-read the OpenSSL docs and if
possible, try to repeat the problem with a smallish example so that a question
can be posted to the OpenSSL guys about it.
I'm not aware of anything within cert_stuff() that libcurl itself does which
isn't thread-safe, at least if you're using a recent enough version of OpenSSL
that has the SSL_CTX_set_default_passwd_cb_userdata() function.
Since you already have a lock for testing, you could try to move it to just
around specific OpenSSL functions to attempt to narrow it down. Like for
example the PKCS12_parse() invoke.
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
