
System - TLS library is not thread safe

Open dvstans opened this issue 4 years ago • 2 comments

libcurl with TLS is used extensively in server threads. While libcurl is being used correctly, it uses libcrypto, which is not thread safe by default. Specific locking callbacks must be provided to avoid concurrent modification of internal data (causes crash).

dvstans, Feb 17 '21 21:02

What is meant to be the fix here? Use something other than libcurl? That is what I believe we had discussed, hence our research into POCO and others.

JoshuaSBrown, Dec 27 '22 18:12

We either need to find a secure, thread-safe, and actively maintained alternative to libcurl, or deal with the lack of thread safety in libcurl ourselves. TLS is the most critical component of communication security and must be actively maintained / patched.

dvstans, Jan 26 '23 15:01
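
The locking callbacks mentioned in the opening comment are, for OpenSSL builds older than 1.1.0, a mutex table that the application hands to libcrypto; OpenSSL 1.1.0 and later do their own locking and ignore such callbacks. The following is an added example, not DataFed code: a stand-alone pthread model of that callback shape. `MODEL_LOCK`, `MODEL_UNLOCK`, `locks_init`, `locking_cb` and `run_model` are hypothetical names, and the worker loop is a constructed stand-in for the library's internal state.

```c
#include <pthread.h>
#include <stdlib.h>
/* Constructed stand-ins for OpenSSL's CRYPTO_LOCK / CRYPTO_UNLOCK mode bits. */
#define MODEL_LOCK   1
#define MODEL_UNLOCK 2

static pthread_mutex_t *g_locks;  /* one mutex per lock slot the library uses */
static int g_nlocks;
static long g_shared;             /* stands in for the library's internal state */

/* Allocate the table; a real program would size it with CRYPTO_num_locks(). */
int locks_init(int n) {
    if (n <= 0 || !(g_locks = malloc((size_t)n * sizeof *g_locks))) return -1;
    for (int i = 0; i < n; i++) pthread_mutex_init(&g_locks[i], NULL);
    g_nlocks = n; return 0;
}

/* Same signature as the function given to CRYPTO_set_locking_callback(). */
void locking_cb(int mode, int n, const char *file, int line) {
    (void)file; (void)line;
    if (n < 0 || n >= g_nlocks) abort();  /* never index past the table */
    if (mode & MODEL_LOCK) pthread_mutex_lock(&g_locks[n]);
    else                   pthread_mutex_unlock(&g_locks[n]);
}

/* Constructed workload: every update is bracketed by the callback on slot 3. */
static void *worker(void *arg) {
    (void)arg;
    for (int i = 0; i < 100000; i++) {
        locking_cb(MODEL_LOCK, 3, __FILE__, __LINE__);
        g_shared++;
        locking_cb(MODEL_UNLOCK, 3, __FILE__, __LINE__);
    }
    return NULL;
}

long run_model(int nthreads) {
    pthread_t t[16];
    if (nthreads < 1 || nthreads > 16 || locks_init(8) != 0) return -1;
    g_shared = 0;
    for (int i = 0; i < nthreads; i++)
        if (pthread_create(&t[i], NULL, worker, NULL)) abort();
    for (int i = 0; i < nthreads; i++) pthread_join(t[i], NULL);
    for (int i = 0; i < g_nlocks; i++) pthread_mutex_destroy(&g_locks[i]);
    free(g_locks); g_locks = NULL; g_nlocks = 0;
    return g_shared;
}

int main(void) { return run_model(8) == 800000 ? 0 : 1; }
```

With a pre-1.1.0 OpenSSL the table would be sized by `CRYPTO_num_locks()` and the function registered through `CRYPTO_set_locking_callback()` once, before any server thread calls libcurl.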