ORNL / DataFed

A Federated Scientific Data Management System
https://ornl.github.io/DataFed/

System - TLS library is not thread safe #632

Open dvstans opened 3 years ago

dvstans commented 3 years ago

libcurl with TLS is used extensively in server threads. While libcurl is being used correctly, it uses libcrypto which is not thread safe by default. Specific locking callbacks must be provided to avoid concurrent modification of internal data (causes crash).

JoshuaSBrown commented 1 year ago

What is meant to be the fix here? Use something other than libcurl? That is what I believe we had discussed, hence our research into POCO and others.

dvstans commented 1 year ago

We either need to find a secure, thread-safe, and actively maintained alternative to libcurl, or deal with the lack of thread safety in libcurl ourselves. TLS is the most critical component of communication security and must be actively maintained / patched.
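The locking callbacks the first comment refers to, as an added example that is not DataFed code: a pthread mutex table matching the callback signatures of OpenSSL releases before 1.1.0 (1.1.0 and later do their own locking and ignore these callbacks). The `tls_*` names are hypothetical, and the two mode flags are redefined locally, as an assumption, so the block builds without the OpenSSL headers.

```c
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>

/* Mode flags from OpenSSL 1.0.x <openssl/crypto.h>, redefined here (assumption)
 * only so this block builds without the OpenSSL headers. */
#ifndef CRYPTO_LOCK
#define CRYPTO_LOCK   1
#define CRYPTO_UNLOCK 2
#endif

static pthread_mutex_t *tls_locks;  /* one mutex per libcrypto lock slot */
static int tls_lock_count;

/* Allocate the mutex table; real code passes CRYPTO_num_locks() as count. */
int tls_locks_init(int count)
{
    if (count <= 0 || tls_locks != NULL) return -1;
    tls_locks = calloc((size_t)count, sizeof(*tls_locks));
    if (tls_locks == NULL) return -1;
    for (int i = 0; i < count; i++)
        pthread_mutex_init(&tls_locks[i], NULL);
    tls_lock_count = count;
    return 0;
}

/* Has the signature CRYPTO_set_locking_callback() expects. libcrypto calls it
 * with CRYPTO_LOCK or CRYPTO_UNLOCK set in mode and the slot index in n. */
void tls_lock_cb(int mode, int n, const char *file, int line)
{
    (void)file; (void)line;
    if (n < 0 || n >= tls_lock_count) abort();  /* table not initialised */
    if (mode & CRYPTO_LOCK)
        pthread_mutex_lock(&tls_locks[n]);
    else
        pthread_mutex_unlock(&tls_locks[n]);
}

/* Has the signature CRYPTO_set_id_callback() expects (pthread_t is integral on Linux). */
unsigned long tls_thread_id_cb(void)
{
    return (unsigned long)pthread_self();
}

/* Returns 1 if slot n is currently locked, 0 if free (used for checking only). */
int tls_lock_is_held(int n)
{
    int rc = pthread_mutex_trylock(&tls_locks[n]);
    if (rc == 0) pthread_mutex_unlock(&tls_locks[n]);
    return rc == EBUSY;
}
```

The table has to be initialised and both callbacks registered once, before any server thread starts a TLS transfer.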