diff -p -u -r unbound-1.4.16.orig/daemon/daemon.c unbound-1.4.16/daemon/daemon.c
--- unbound-1.4.16.orig/daemon/daemon.c	2012-01-10 22:07:16.000000000 +0700
+++ unbound-1.4.16/daemon/daemon.c	2012-10-26 02:34:35.000000000 +0700
@@ -203,6 +203,10 @@ daemon_init(void)
 	comp_meth = (void*)SSL_COMP_get_compression_methods();
 #endif
 	(void)SSL_library_init();
+#if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
+	if(!ub_openssl_lock_init())
+		fatal_exit("could not init openssl locks");
+#endif
 #ifdef HAVE_TZSET
 	/* init timezone info while we are not chrooted yet */
 	tzset();
@@ -555,6 +559,9 @@ daemon_delete(struct daemon* daemon)
 	ERR_remove_state(0);
 	ERR_free_strings();
 	RAND_cleanup();
+#if defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
+	ub_openssl_lock_delete();
+#endif
 	checklock_stop();
 #ifdef USE_WINSOCK
 	if(WSACleanup() != 0) {
diff -p -u -r unbound-1.4.16.orig/util/net_help.c unbound-1.4.16/util/net_help.c
--- unbound-1.4.16.orig/util/net_help.c	2011-11-11 01:44:06.000000000 +0700
+++ unbound-1.4.16/util/net_help.c	2012-10-26 02:34:35.000000000 +0700
@@ -691,3 +691,54 @@ void* outgoing_ssl_fd(void* sslctx, int
 	}
 	return ssl;
 }
+
+/** global lock list for openssl locks */
+static lock_basic_t *ub_openssl_locks = NULL;
+
+/** callback that gets thread id for openssl */
+static unsigned long
+ub_crypto_id_cb(void)
+{
+	return (unsigned long)ub_thread_self();
+}
+
+static void
+ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file),
+	int ATTR_UNUSED(line))
+{
+	if((mode&CRYPTO_LOCK)) {
+		lock_basic_lock(&ub_openssl_locks[type]);
+	} else {
+		lock_basic_unlock(&ub_openssl_locks[type]);
+	}
+}
+
+int ub_openssl_lock_init(void)
+{
+#ifdef OPENSSL_THREADS
+	size_t i;
+	ub_openssl_locks = (lock_basic_t*)malloc(
+		sizeof(lock_basic_t)*CRYPTO_num_locks());
+	if(!ub_openssl_locks)
+		return 0;
+	for(i=0; i<CRYPTO_num_locks(); i++) {
+		lock_basic_init(&ub_openssl_locks[i]);
+	}
+	CRYPTO_set_id_callback(&ub_crypto_id_cb);
+	CRYPTO_set_locking_callback(&ub_crypto_lock_cb);
+#endif /* OPENSSL_THREADS */
+	return 1;
+}
+
+void ub_openssl_lock_delete(void)
+{
+#ifdef OPENSSL_THREADS
+	size_t i;
+	if(!ub_openssl_locks)
+		return;
+	for(i=0; i<CRYPTO_num_locks(); i++) {
+		lock_basic_destroy(&ub_openssl_locks[i]);
+	}
+#endif /* OPENSSL_THREADS */
+}
+
diff -p -u -r unbound-1.4.16.orig/util/net_help.h unbound-1.4.16/util/net_help.h
--- unbound-1.4.16.orig/util/net_help.h	2011-10-31 21:48:48.000000000 +0700
+++ unbound-1.4.16/util/net_help.h	2012-10-26 02:34:35.000000000 +0700
@@ -363,4 +363,15 @@ void* incoming_ssl_fd(void* sslctx, int
  */
 void* outgoing_ssl_fd(void* sslctx, int fd);
 
+/**
+ * Initialize openssl locking for thread safety
+ * @return false on failure (alloc failure).
+ */
+int ub_openssl_lock_init(void);
+
+/**
+ * De-init the allocated openssl locks
+ */
+void ub_openssl_lock_delete(void);
+
 #endif /* NET_HELP_H */