> > be aware that SSL BIO's (and (SSL*) sessions!) are 'threadsafe' > > in the sense that OpenSSL *assumes* a (SSL *) or > > /any/ BIO remains inside a single thread from the moment it > > becomes 'active', i.e. is set up / is going to do some work.
This is completely incorrect. It's totaly nonsense. > As you pointed out, "the IOCP model does NOT tie a socket to a single > thread." In fact, I will likely have four worker threads receiving > traffic off the wire, hopefully supporting many thousands of > simultaneous client sessions, and each client session consisting of > multiple command/data submissions. Thus, it is most likely that all > of the submissions from a single client session will NOT hit the same > worker thread in my application. That's what I do as well. > I have extended the OVERLAPPED object in my app to include things such > as session state, and was planning to include a TLSWrapper object > there (encapsulates SSL* m_ssl, BIO_pair, etc...) as well so that each > client submission during a session will get the same SSL* object. > However, this implies that various threads may work on one of my SSL* > object during the life of a client session. It sounds like you are > saying this is not going to work? Note, my app guarantees any m_ssl > object will NOT get picked up by two threads simultaneously, so any > given m_ssl object will only get touched by one thread at a time. This is 100% perfectly fine. You must provide your own locks to synchronize access to the SSL session object, unlike a TCP connection where the kernel provides them. > But are you saying the SSL* object ties itself to the specific thread > that set it up? That doesn't make sense to me, so I'm hoping that I'm > just reading too much into your statement. Otherwise, it sounds like > I would have to setup and tear down the SSL objects every time a > client submits data to my app during a single session? (could be > hundreds or thousands of separate client submissions during the life > of a single client session) No, it's not a problem. OpenSSL is completely thread safe so long as two threads do not try to directly manipulate the same object at the same time. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
