I did this

Performed a GET request on an HTTPS URL in a forked child process on OSX. When doing so, libCURL crashes in preference-related xpc call. This is specific to Darwin/SecureTransport and only happens if the request is performed in the forked child process, not in the master.

I expected the following

I expected the download to complete without errors, but it segfaults instead. Just like https://sourceforge.net/p/curl/bugs/1446/ describes. Crashdump: https://gist.github.com/julik/79129b30275b275b30fcf79e8e99f854

Related issues in other projects (all libCURL dependents, all show the issue):

taf2/curb#239 (comment)
taf2/curb#202
aws/aws-sdk-php#737
facebook/hhvm#6189
toland/patron#72

I think this previous issue did not mention the crucial repro detail: the crash will only happen if you perform the request in a forked child process. I am positive in my case the CURL handle gets allocated within the child process and does not get copied. Consequently, all scripting environments/VMs that use forking (like web servers, web server application server adapters, job queue engines and so forth) are very likely to exhibit this issue.

curl/libcurl version

 curl 7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport zlib/1.2.5

When building newer curl via homebrew the problem persists unless curl is forcibly switched to build against OpenSSL instead of SecureTransport. I.e. this one works:

 curl 7.48.0 (x86_64-apple-darwin15.4.0) libcurl/7.48.0 OpenSSL/1.0.2g zlib/1.2.5

operating system

OSX 10.11 (Darwin 15.4.0) and 10.10, both observed.