Re: Newbie dev questions

Glover Barker Tue, 04 Dec 2001 15:59:22 -0800


Thanks for the clarification!



                                                                                 
                    Dr S N Henson                                                
                    <[EMAIL PROTECTED]>           To:                              
                    Sent by:                     [EMAIL PROTECTED]       
                    owner-openssl-users@o       cc:                              
                    penssl.org                  Subject:     Re: Newbie dev      
                                                 questions                       
                                                                                 
                    12/04/2001 06:18 PM                                          
                    Please respond to                                            
                    openssl-users                                                
                                                                                 
                                                                                 




Glover Barker wrote:
>
> I'm implementing a multithreaded server using OpenSSL.  Yes, you can
create
> one context
> to be used among all threads.  As far as synchronization, there is a
> "threads" manual page
> somewhere under www.openssl.org (which appears to be down at the moment,
or
> I'd be
> more precise) that describes the issues. The FAQ gives a link to it.
>
> You do need to learn about the following:
>     CRYPTO_num_locks()
>     CRYPTO_set_locking_callback()
>     CRYPTO_set_id_callback()
>
> Having said that, the "threads" man page says that the above must be used
> for any application that uses OpenSSL in multiple threads.  But my
cursory
> examination of the source code implies that they are only utilized when
you
> explicitly use the session management routines, which I am not.
Preferring
> to be over-safe than under-safe, I am using them.
>

They are used for more than just that. They are also used to ensure
reference counting of shared structures (SSL_CTX, keys, certificates) is
handled properly and error queues. It is essential that they are always
used in a multi threaded application. Without them and application may
seem to work but at some point bizarre hard to trace errors or crashes
caused by race conditions are likely.

Steve.
--
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Re: Newbie dev questions

Reply via email to