-- FrÃdÃric Giudicelli http://www.newpki.org
Alberto Alonso wrote:
Changing the code to use one SSL_CTX per thread is a large task because of the complexity of the whole system.
The initialization code is probably easier to look at:
I use:
extern pthread_mutex_t *ggsyscom_ssllock_cs; extern long *ggsyscom_ssllock_count;
which are defined on the main.c file as global.
Then, there is an initialization function that gets call at the beginning of main which has (among other things):
int numlocks = 600;
ggsyscom_ssllock_cs = OPENSSL_malloc(numlocks * sizeof(pthread_mutex_t)); ggsyscom_ssllock_count = OPENSSL_malloc(numlocks * sizeof(long)); for(i=0; i<numlocks; i++) { ggsyscom_ssllock_count[i] = 0; pthread_mutex_init(&(ggsyscom_ssllock_cs[i]),NULL); }
CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id); CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
Note that I'm setting numlocks to 600 rather than its defined value just for testing.
And here is pthreads_locking_callback
static void pthreads_locking_callback(int mode, int type, char *file,int line) { if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&(ggsyscom_ssllock_cs[type])); ggsyscom_ssllock_count[type]++; } else { pthread_mutex_unlock(&(ggsyscom_ssllock_cs[type])); } }
Thanks for the help,
Alberto
On Fri, 2004-02-20 at 17:54, FrÃdÃric Giudicelli wrote:
I assume Stephen mentionned EVP_CIPHER_CTX because he wasn't sure which "ctx" you were talking about.
I can garantee you that shared SSL_CTX work fine, as long as the mutexes are initialized the proper way.
Did you try to use one SSL_CTX per thread to see if it worked ? If you have a problem with this setup then it must be coming from your code, and you might want to post your initialization code in the NG.
Regards,
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
