Open dvstans opened 3 years ago
What is meant to be the fix here, use something other than libcurl, that is what I believe we had discussed, hence our research into POCO and others.
We either need to find a secure, thread-safe, and actively maintained alternative to libcurl, or deal with the lack of thread safety in libcurl ourselves. TLS is the most critical component of communication security and must be actively maintained / patched.
libcurl with TLS is used extensively in server threads. While libcurl is being used correctly, it uses libcrypto which is not thread safe by default. Specific locking callbacks must be provided to avoid concurrent modification of internal data (causes crash).