ssl thread safety

Daniel Stenberg

2007-11-09 21:39:26 UTC

I'm looking for some clarification of the thread-safety issues in openssl
and libcurl. From what I can tell, you only need to write the thread-safty
callbacks (locking_function and id_function) if multiple threads will access
the SAME curl connection and only if that curl connection uses SSL.

Incorrect. If you use OpenSSL from more than one thread simultanouesly, you
need to set those callbacks. That's totally unrelated to what libcurl
connections that are used or not.

At least that's what I've come to learn. You really should ask this question
to the openssl team of you want the exact and in-depth answer. Or just read
their docs.

Additionally, I'm using a precompiled curl library, the source of which,
unfortunately, I don't remember, but I'm sure it was one of the links from
the bottom of the download page at curl.haxx.se. It includes libcurl.dll,
libeay32.dll and ssleay32.dll.

I wasn't aware that anyone bundled the openssl libs with the libcurl one in
any such package.

I'm assuming this is a standard distribution

There is no "standard distribution" of libcurl except for the source code
release that our project produces. All the binary packages made for all the
various platforms are made by individuals or teams outside of the project, for
the benefit of everyone. But the contents of the packages and how they're made
etc are not controlled by the curl project.

so will this have been built with the necessary callbacks implemented that
make openssl thread safe? Is there a way to tell?

These callbacks are never done by libcurl itself so I would say that you can
safely assume that no matter what libcurl you download, no OpenSSL mutex
callbacks are set.

--
Commercial curl and libcurl Technical Support: http://haxx.se/curl.html