Hi,
The error message comes when we invoke SSL_accept() API. But taking
lock on it will affect performance as it performs network operation inside
this API (like client hello message and other). So if network is overloaded
then mutex hold time will be too large. I have observed that in worst case
it holds lock for around 5-6 mins.
Regards,
Alok
On Fri, Sep 23, 2011 at 5:04 PM, Dr. Stephen Henson <st...@openssl.org>wrote:
> On Fri, Sep 23, 2011, alok sharma wrote:
>
> > I am using the openssl fips version for my application.So, I have not
> made
> > any change in openssl or Fips code. Just enabling fips and using SSL API
> > exposed for client server model. But through debugger I have found that
> my
> > application is crashing giving error message inside Fips_rand() at
> following
> > line.
> >
>
> You do not need to change the OpenSSL or the FIPS code. If your application
> is
> multithreaded you *MUST* set up a proper locking callback or OpenSSL will
> not
> function properly. This applies to FIPS and non-FIPS applications.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
