Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

httplib_connect_client_impl is not thread safe #28

Closed
lammertb opened this issue Dec 26, 2016 · 2 comments
Closed

httplib_connect_client_impl is not thread safe #28

lammertb opened this issue Dec 26, 2016 · 2 comments
Assignees
@lammertb
Labels
fixed

Comments

@lammertb
Copy link
Owner

This function uses a fake ctx structure which is static and returned in the connection if this function returns. So technically there can only run one client connection at the time.
@lammertb lammertb added the bug label Dec 26, 2016
@lammertb
Copy link
Owner Author

lammertb commented Dec 31, 2016
edited

I am now actually quite sure that this is a severe bug. When running SSL, the client SSL context is linked to the fake context and this context can than be reused by different connections. This is not only a threading issue, but also a security issue. The only solution is that each connection where LibHTTP functions as the client has its own context.

@lammertb
Copy link
Owner Author

Fixed in f5e4015 which now mandates that the calling application provides a proper client context.

@lammertb lammertb added fixed and removed bug labels Dec 31, 2016
@lammertb lammertb self-assigned this Dec 31, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lammertb lammertb

Labels
fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lammertb