Your message dated Thu, 25 Oct 2018 18:30:44 +0100
with message-id <[email protected]>
and subject line Re: Bug#911085: libcurl links old 1.0.2 OpenSSL libraries,
while 1.1 is installed on system which prevents setting up SSL locking
functions and causes random crashes
has caused the Debian Bug report #911085,
regarding libcurl links old 1.0.2 OpenSSL libraries, while 1.1 is installed on
system which prevents setting up SSL locking functions and causes random crashes
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
911085: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=911085
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: curl
Version: 7.52.1-5+deb9u7
Building an application on Stretch using libcurl in a multithreaded manner
accessing https URLs will result in random crashes.
Setting up the OpenSSL locks required by 1.0.2 (CRYPTO_set_id_callback() and
CRYPTO_set_locking_callback()) is complicated by the fact that the system
OpenSSL headers and library is 1.1, and that the application ends up depending
on multiple versions of libcrypto.
It may simply be a matter of rebuilding libcurl to link against 1.1, as work to
support 1.1 in libcurl started in 2014.
Otherwise the OpenSSL wiki (https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes#cURL )
mentions a single required change: "SSL_SESSION->ssl_version. Replaced with
SSL_version(SSL *)".
See also https://curl.haxx.se/libcurl/c/threadsafe.html .
Kind regards,
Jerome St-Louis
--- End Message ---
--- Begin Message ---
Source: curl
Source-Version: 7.60.0-2
On Mon, Oct 15, 2018 at 09:53:38AM -0400, Jérôme St-Louis wrote:
> Package: curl
> Version: 7.52.1-5+deb9u7
>
> Building an application on Stretch using libcurl in a multithreaded manner
> accessing https URLs will result in random crashes.
> Setting up the OpenSSL locks required by 1.0.2 (CRYPTO_set_id_callback() and
> CRYPTO_set_locking_callback()) is complicated by the fact that the system
> OpenSSL headers and library is 1.1, and that the application ends up
> depending on multiple versions of libcrypto.
> It may simply be a matter of rebuilding libcurl to link against 1.1, as work
> to support 1.1 in libcurl started in 2014.
> Otherwise the OpenSSL wiki
> (https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes#cURL ) mentions a
> single required change: "SSL_SESSION->ssl_version. Replaced with
> SSL_version(SSL *)".
>
> See also https://curl.haxx.se/libcurl/c/threadsafe.html .
>
> Kind regards,
>
> Jerome St-Louis
>
curl has already been migrated to openssl 1.1 in Buster (see #858398).
--- End Message ---
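
A check for the mixed-libcrypto situation described in the report, as an added example that is not part of the original messages or of curl/Debian tooling. The function names and the sample `ldd` output are constructed for illustration; the sonames are assumed to be those shipped by Debian's libssl1.0.2 and libssl1.1 packages.

```shell
#!/bin/sh
# Constructed sample of `ldd ./app` output (not from the bug report): the
# application links libcrypto.so.1.1 directly, while libcurl pulls in 1.0.2.
SAMPLE_LDD='	linux-vdso.so.1 (0x00007ffd0a1f2000)
	libcurl.so.4 => /usr/lib/x86_64-linux-gnu/libcurl.so.4 (0x00007f3a1c600000)
	libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f3a1c100000)
	libssl.so.1.0.2 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.2 (0x00007f3a1be00000)
	libcrypto.so.1.0.2 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 (0x00007f3a1ba00000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f3a1b800000)'

# Print the distinct sonames of one OpenSSL library (libcrypto or libssl)
# found in ldd-style text on stdin, one per line, sorted.
openssl_sonames() {
    lib=$1
    awk -v lib="$lib" '
        { name = $1 }                                 # first field is the soname
        index(name, lib ".so.") == 1 { seen[name] = 1 }
        END { for (n in seen) print n }
    ' | sort
}

# Return 0 when at most one libcrypto soname is present, 1 when several
# would be loaded into the same process (the situation the report describes).
check_single_libcrypto() {
    count=$(openssl_sonames libcrypto | awk 'END { print NR }')
    [ "$count" -le 1 ]
}

# Demonstration on the constructed sample.
# Against a real binary: ldd ./app | check_single_libcrypto
if ! printf '%s\n' "$SAMPLE_LDD" | check_single_libcrypto; then
    echo "mixed libcrypto versions:"
    printf '%s\n' "$SAMPLE_LDD" | openssl_sonames libcrypto
fi
```

A non-zero result means locking callbacks registered through one libcrypto are not seen by the other, so the check is worth running in the build or packaging step of any multithreaded libcurl consumer on Stretch.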