From 228a89d51e9b109d59dc018efb29ed0f65bec123 Mon Sep 17 00:00:00 2001
From: Juan RP <xtraeme@voidlinux.eu>
Date: Fri, 22 Apr 2016 11:32:34 +0200
Subject: [PATCH] Use pthread_once(3) to initialize openssl/libressl just once.

Fixes openssl initialization concurrently by multiple threads.
Close #167
---
 NEWS               |  3 +++
 lib/fetch/common.c | 20 +++++++++++++++-----
 2 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/NEWS b/NEWS
index c2c02c9e..2c978e13 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,8 @@
 xbps-0.52 (???):
 
+ * xbps-query(1): fix segfault in -Ro with HTTPS repositories.
+   Fixes #167. See https://github.com/voidlinux/xbps/issues/167
+
  * xbps-uhelper: the 'arch' target now supports the XBPS_ARCH
    and XBPS_TARGET_ARCH environmental variables to override the
    resulting architecture.
diff --git a/lib/fetch/common.c b/lib/fetch/common.c
index 49874d2e..2ae63671 100644
--- a/lib/fetch/common.c
+++ b/lib/fetch/common.c
@@ -934,8 +934,22 @@ fetch_ssl_cb_verify_crt(int verified, X509_STORE_CTX *ctx)
 	return (verified);
 }
 
+#include <pthread.h>
+
+static pthread_once_t ssl_init_once = PTHREAD_ONCE_INIT;
+
+static void
+ssl_init(void)
+{
+	/* Init the SSL library and context */
+	if (!SSL_library_init()){
+		fprintf(stderr, "SSL library init failed\n");
+		exit(-1);
+	}
+}
 #endif
 
+
 /*
  * Enable SSL on a connection.
  */
@@ -948,11 +962,7 @@ fetch_ssl(conn_t *conn, const struct url *URL, int verbose)
 	X509_NAME *name;
 	char *str;
 
-	/* Init the SSL library and context */
-	if (!SSL_library_init()){
-		fprintf(stderr, "SSL library init failed\n");
-		return (-1);
-	}
+	(void)pthread_once(&ssl_init_once, ssl_init);
 
 	SSL_load_error_strings();