Package: curl Version: 7.52.1-5+deb9u7 Building an application on Stretch using libcurl in a multithreaded manner accessing https URLs will result in random crashes. Setting up the OpenSSL locks required by 1.0.2 (CRYPTO_set_id_callback() and CRYPTO_set_locking_callback()) is complicated by the fact that the system OpenSSL headers and library is 1.1, and that the application ends up depending on multiple versions of libcrypto. It may simply be a matter of rebuilding libcurl to link against 1.1, as work to support 1.1 in libcurl started in 2014. Otherwise the OpenSSL wiki (https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes#cURL ) mentions a single required change: "SSL_SESSION->ssl_version. Replaced with SSL_version(SSL *)".
See alsohttps://curl.haxx.se/libcurl/c/threadsafe.html . Kind regards, Jerome St-Louis
