> David,

> > > I assume this is a reason why OpenSSL has the locking callback
> > > functions.

> > No. OpenSSL has the locking callback functions so it can protect
> > internal structures. For example, if two SSL objects internally
> > reference the objects.

> I am still confused as to why the locking callbacks would protect
> internal structures but not allow access of the SSL objects from
> different threads at the same time (i.e. SSL_read() and SSL_write()).

Because that's how OpenSSL is coded. This is pretty much the same as every
other library.

> > > As long as you use these it is safe to share the object AFAIK.
> >
> > Then when wouldn't it be safe to share the object? The locking
> > callback functions are required for all multithreaded applications
> > or else OpenSSL can't protect its internal state.

> Sorry. I'm not sure what you are saying here.

I don't know how I can be clearer. OpenSSL uses the locking functions to
protect its own state from corruption that the application can't easily
anticipate.

This is the same as pretty much every other library, so I'm not sure why
it's so confusing. For example, a string library will typically not allow
you to modify a string in one thread while you're accessing that same string
in the other thread. However, if the string library internally uses a
private memory pool, it will use its own locks to make that safe, so you can
assign a new value to two different string objects at the same time and the
private memory pool won't be corrupted.

Every sophisticated library that supports multi-threaded access has to draw
the balance somewhere. The usual rule is that the caller has to lock
anything that's obviously visible to it (such as concurrent use of the same
high-level object) and the library handles locking on anything not visible
to the caller (such as concurrent use of some internal library detail the
caller isn't supposed to have to know about).

OpenSSL's session cache is an "internal detail" in this sense. The library
locks it all by itself (like a private memory pool in my string class
example). But the SSL object is a high-level object whose sanity is supposed
to be managed by the caller (like an individual string object in my string
class example).

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
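
The split of locking responsibility described in the message above, built on its string-library analogy, as an added example that is not part of the original message and is not OpenSSL code. All names (`str_t`, `pool_alloc`, `str_append`, `shared_str`, `run_demo`) are hypothetical: the pool lock plays the role of the library's internal locking, and the per-object mutex is the lock a caller would hold around a shared high-level object such as an SSL object.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Library side: state the caller never sees, so the library locks it itself. */
static pthread_mutex_t pool_lock = PTHREAD_MUTEX_INITIALIZER;
static long pool_allocs;   /* stands in for the private memory pool */
typedef struct { char *buf; size_t len; } str_t;
static char *pool_alloc(size_t n) {
    pthread_mutex_lock(&pool_lock);
    pool_allocs++;
    pthread_mutex_unlock(&pool_lock);
    return malloc(n);
}

/* No per-object lock: concurrent calls on the SAME str_t would race on buf/len. */
int str_append(str_t *s, const char *t) {
    size_t n = strlen(t);
    char *nb = pool_alloc(s->len + n + 1);
    if (!nb) return -1;
    if (s->len) memcpy(nb, s->buf, s->len);
    memcpy(nb + s->len, t, n + 1);
    free(s->buf);
    s->buf = nb;
    s->len += n;
    return 0;
}

/* Caller side: the shared high-level object carries a caller-owned mutex. */
typedef struct { str_t s; pthread_mutex_t mu; } shared_str;
static void *worker(void *arg) {
    shared_str *sh = arg;
    for (int i = 0; i < 1000; i++) {
        pthread_mutex_lock(&sh->mu);      /* caller serializes use of the object */
        str_append(&sh->s, "x");
        pthread_mutex_unlock(&sh->mu);
    }
    return NULL;
}

/* Four threads append to one shared string; returns its final length. */
size_t run_demo(void) {
    shared_str sh = { .mu = PTHREAD_MUTEX_INITIALIZER };
    pthread_t tid[4];
    for (int i = 0; i < 4; i++) pthread_create(&tid[i], NULL, worker, &sh);
    for (int i = 0; i < 4; i++) pthread_join(tid[i], NULL);
    size_t len = sh.s.len;
    free(sh.s.buf);
    return len;
}
```

Removing the `sh->mu` lock in `worker` leaves the pool counter correct, because the library still guards it, while `buf` and `len` of the shared string become a data race.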