Mark wrote:
Presumably you can use multiple threads for reading and writing as long as you ensure that they are not both calling an SSL function at the same time?

Function ???

The important aspect is the principal object/handle you are passing to the function. For most of the API that an application uses this would be "SSL *"; working on the same instance from 2 different threads at the same time is never safe.

Working on different instances at the same time is safe (so long as you provide/setup the necessary locking).

The locking is there to protect "OpenSSL internal/implementation detail shared" structures only, for example the registration system for EVP/hash/crypto types, the SSL session cache system and DSO/DLL global variables.


Some operations are thread-safe, like using SSL_CTX to create new SSL handles from multiple threads at the same time; I think SSL_new() is the main example of that. You can use the same "SSL_CTX *" instance with that call specifically, but if you use the "SSL_CTX_xxxx()" family of methods then you need to serialize access/usage to that "SSL_CTX *".

The point being that OpenSSL expects your application to use one thread per handle, but has provision for the creation/destruction and SSL session cache to scale well.


Something that has been raised before is that some applications want to be able to SSL_read() from one thread and SSL_write() from another at the same time to the same "SSL *"; this is not allowed nor provided for. It is also dubious anyway due to technicalities with rekeying/renegotiation of the connection on the fly.



Mark wrote:
Does anyone have a definitive answer for this one?  It could be a massive amount of work for me to rewrite the code if I have to switch to using a single thread for read/write operations.

You mean like a GUI thread in GUI apps is the only thread allowed to call GUI related methods? No, OpenSSL requirements are not this harsh and can scale well with multiple threads doing crypto.

I think Kyle understands this also but maybe didn't make the multi-threaded restrictions clear.



Darryl

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]