On Fri, Sep 23, 2011, alok sharma wrote: > Hi, > The error message comes when we invoke SSL_accept() API. But taking > lock on it will affect performance as it performs network operation inside > this API (like client hello message and other). So if network is overloaded > then mutex hold time will be too large. I have observed that in worst case > it holds lock for around 5-6 mins.
You don't lock the SSL_accept API. In an multithreaded application OpenSSL needs to use locks internally to avoid race conditions. In order to do this an application needs to supply a set of locking callbacks which OpenSSL makes use of internally. The locking times should always be very short for these cases: they are typically used to ensure reference counts are incremented and decremented properly. If you don't set these up OpenSSL will be unstable in multithreaded applications: one symptom of this is how the FIPS PRNG behaves. For more details see the archives and documentation. For example: the "threads" manual page. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
