On Wed, Nov 09, 2005, Steffen Fiksdal wrote:
Hi!
I have a library using openssl 0.9.8 that is accessed by several threads.
One function verifies a certificate, and in that function I call
X509_verify_cert().
In a few occations the function returns 0, and the failure occures in the
file "rsa_pk1.c" on line number 100.
I tried to do a mutex around the X509_verify_cert call and never
experienced the error.
Now I believe I have set up threading properly with CRYPTO_num_locks()
number of mutexes with a proper locking callback with
CRYPTO_set_locking_callback().
I use *a* lot of openssl in my library and have tested it extensively for
threading issues.
This problem is the only threading issue I can se at the moment.
Any ideas what I do wrong?
It is possible the cause is the X509_PUBKEY_get() function which I've noticed
has a possible race condition when several threads initially try to get the
certificate public key and try to decode it.
Can you try placing a mutex round the X509_get_pubkey() call in x509_cmp.c to
see if that is the cause?
I mutexed the call with CRYPTO_w_lock/CRYPTO_w_unlock, but the error still
pops up from time to time.
I am investigating, and will come back when I find out what happens.
Best regards
Steffen Fiksdal
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
