Monday, May 30, 2016

Thread safety issues of OpenSSL when used with curl

When you use libcurl for SSL connections such as HTTPS, FTPS, etc., you need to look at the underlying SSL library that libcurl uses, because libcurl does not have native SSL support.

Per:
https://curl.haxx.se/libcurl/c/threadsafe.html
and
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-pre5/CHANGES
if you are using OpenSSL (libssl) older than version 1.1.0, OpenSSL is not thread safe. You therefore have to add thread locks to the OpenSSL layer in libcurl, following:
https://curl.haxx.se/libcurl/c/threaded-ssl.html

Alternatively, you could start using OpenSSL 1.1.0, though it does not have a stable release at this time. libcurl later than 7.49.0 can be compiled with OpenSSL 1.1.0, as shown on:
https://curl.haxx.se/changes.html
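
A startup check for which of the two cases above applies, as an added example (not code from this post, curl or OpenSSL). The names `lock_need` and `openssl_lock_need` are hypothetical; the input is assumed to be the backend string libcurl reports, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not libcurl or OpenSSL API. */
enum lock_need {
    BACKEND_UNKNOWN = -1, /* not OpenSSL, or version unparsable: check its docs */
    LOCKS_BUILTIN   = 0,  /* OpenSSL >= 1.1.0: no application lock callbacks */
    LOCKS_REQUIRED  = 1   /* OpenSSL < 1.1.0: install lock callbacks first */
};

/*
 * Takes the TLS backend string libcurl reports, either
 * curl_version_info(CURLVERSION_NOW)->ssl_version ("OpenSSL/1.0.2g") or the
 * whole curl_version() line, and applies the 1.1.0 threshold from the post.
 */
enum lock_need openssl_lock_need(const char *ver)
{
    static const char tag[] = "OpenSSL/";
    unsigned major, minor;
    const char *p = ver;

    if (ver == NULL)
        return BACKEND_UNKNOWN;
    /* Accept "OpenSSL/" only at the start of a space-separated token. */
    while ((p = strstr(p, tag)) != NULL && p != ver && p[-1] != ' ')
        p++;
    if (p == NULL || sscanf(p + sizeof tag - 1, "%u.%u", &major, &minor) != 2)
        return BACKEND_UNKNOWN;
    /* Letter and "-pre" suffixes (1.0.2g, 1.1.0-pre5) do not change the result. */
    if (major > 1 || (major == 1 && minor >= 1))
        return LOCKS_BUILTIN;
    return LOCKS_REQUIRED;
}

int main(void)
{
    /* Constructed sample strings in the format libcurl reports. */
    const char *samples[] = { "OpenSSL/1.0.2g", "OpenSSL/1.1.0-pre5",
        "libcurl/7.49.0 OpenSSL/0.9.8zh zlib/1.2.8", "GnuTLS/3.4.10" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45s -> %d\n", samples[i], openssl_lock_need(samples[i]));
    return 0;
}
```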


Other notes: the latest MySQL C++ connector, 1.1.7, could not be compiled against OpenSSL 1.1.0, as some symbols that the connector needs have been deprecated in OpenSSL 1.1.0.
