Glover Barker wrote: > > I'm implementing a multithreaded server using OpenSSL. Yes, you can create > one context > to be used among all threads. As far as synchronization, there is a > "threads" manual page > somewhere under www.openssl.org (which appears to be down at the moment, or > I'd be > more precise) that describes the issues. The FAQ gives a link to it. > > You do need to learn about the following: > CRYPTO_num_locks() > CRYPTO_set_locking_callback() > CRYPTO_set_id_callback() > > Having said that, the "threads" man page says that the above must be used > for any application that uses OpenSSL in multiple threads. But my cursory > examination of the source code implies that they are only utilized when you > explicitly use the session management routines, which I am not. Preferring > to be over-safe than under-safe, I am using them. >
They are used for more than just that. They are also used to ensure reference counting of shared structures (SSL_CTX, keys, certificates) is handled properly and error queues. It is essential that they are always used in a multi threaded application. Without them and application may seem to work but at some point bizarre hard to trace errors or crashes caused by race conditions are likely. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
