libcurl-thread.3: Warn that OpenSSL may need extra cleanup

- Warn that in some cases OpenSSL needs a call to OPENSSL_thread_stop before thread termination in order to stop a memory leak. Reported-by: [email protected] Reported-by: [email protected] Fixes curl#12327 Closes #xxxx
jay · Nov 27, 2023 · b79f675 · b79f675
1 parent 1b04dfa
commit b79f675
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 4 deletions.
diff --git a/docs/libcurl/curl_global_cleanup.3 b/docs/libcurl/curl_global_cleanup.3
@@ -56,6 +56,13 @@ containing libcurl is dynamically unloaded while libcurl-created threads are
 still running then your program may crash or other corruption may occur. We
 recommend you do not run libcurl from any module that may be unloaded
 dynamically. This behavior may be addressed in the future.
+
+OpenSSL may require thread cleanup in some cases, so that it won't leak memory.
+For example, if OpenSSL is linked statically then each thread that uses
+OpenSSL, or libcurl, will leak memory unless you call OPENSSL_thread_stop()
+before the thread terminates. This is a limitation of OpenSSL and not libcurl.
+Refer to OpenSSL's documentation:
+https://www.openssl.org/docs/man3.0/man3/OPENSSL_thread_stop.html#NOTES
 .SH EXAMPLE
 .nf
  curl_global_init(CURL_GLOBAL_DEFAULT);

diff --git a/docs/libcurl/libcurl-thread.3 b/docs/libcurl/libcurl-thread.3
@@ -42,10 +42,18 @@ interface but you must provide your own locking and set
 Note that some items are specifically documented as not thread-safe in the
 share API (the connection pool and HSTS cache for example).
 .SH TLS
-All current TLS libraries libcurl supports are thread-safe. OpenSSL 1.1.0+ can
-be safely used in multi-threaded applications provided that support for the
-underlying OS threading API is built-in. For older versions of OpenSSL, the
-user must set mutex callbacks.
+All current TLS libraries libcurl supports are thread-safe.
+
+OpenSSL 1.1.0+ can be safely used in multi-threaded applications provided that
+support for the underlying OS threading API is built-in. For older versions of
+OpenSSL, the user must set mutex callbacks.
+
+OpenSSL may require thread cleanup in some cases, so that it won't leak memory.
+For example, if OpenSSL is linked statically then each thread that uses
+OpenSSL, or libcurl, will leak memory unless you call OPENSSL_thread_stop()
+before the thread terminates. This is a limitation of OpenSSL and not libcurl.
+Refer to OpenSSL's documentation:
+https://www.openssl.org/docs/man3.0/man3/OPENSSL_thread_stop.html#NOTES
 .SH "Signals"
 Signals are used for timing out name resolves (during DNS lookup) - when built
 without using either the c-ares or threaded resolver backends. On systems that