On Mon, Mar 21, 2011 at 08:49:09PM -0700, Claus Assmann wrote:
> On Mon, Mar 21, 2011, Victor Duchovni wrote:
>
> > Can you explain a bit more clearly why you can't initialize an
> > integer index or two when the application starts?
>
> I can, but that's not the problem. Here's an example:
> initialize:
>   SSL_load_error_strings(); ...
>   ssl_ctx = SSL_CTX_new();
>   myidx = SSL_CTX_get_ex_new_index();
>
> set up and start two client instances:
>   a_ctx1->a_ssl_ctx = ssl_ctx;
>   a_ctx2->a_ssl_ctx = ssl_ctx;
>   client(a_ctx1);
>   client(a_ctx2);
> (as threads so they run concurrently)
>
> client() has some code like this:
>   SSL_CTX_set_ex_data(a_ctx->a_ssl_ctx, myidx, a_ctx->cb_arg);

No, don't do that, the SSL_CTX application context object is global.
Why do you want to tweak it in the context of an individual connection?
You should be modifying the SSL object, not the SSL_CTX object. Postfix has:

    SSL_set_ex_data(TLScontext->con, TLScontext_index, TLScontext)

> which means the "last call wins" to actually set the application
> context for SSL_CTX, right?

Yes, but what are you trying to do? The SSL_CTX is clearly shared
application state, not per-session state.

> However, the API works ok if:
> - different SSL_CTXs are used
> - callbacks are only set for SSL which are different for each
>   client() invocation anyway.
>
> This means for the common use case the method should work properly.

So, what's the problem?

--
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org