thread safety in gnutls [was: Re: Handshake and verification]

Daniel Kahn Gillmor dkg at
Wed Dec 9 17:34:57 CET 2009

On 12/09/2009 11:28 AM, lfinsto at wrote:
> Yes, it now works without locking the mutex (which I've removed entirely).


> I'll try installing the newest version of the gcrypt library and removing
> the code for explicitly initializing the secure memory, but I won't be
> able to work on that today.

no worries. i think the gcrypt folks would rather that your app
explicitly initialized the secure memory anyway, rather than relying on
their default internal initialization.

the gcrypt NEWS file says:

Noteworthy changes in version 1.4.3 (2008-09-18)

 * Try to auto-initialize Libgcrypt to minimize the effect of
   applications not doing that correctly.  This is not a perfect
   solution but given that many applicationion would totally fail
   without such a hack, we try to help at least with the most common
   cases.  Folks, please read the manual to learn how to properly
   initialize Libgcrypt!

Glad it's working for you now, anyway.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20091209/9e9ded54/attachment.pgp>

More information about the Gnutls-devel mailing list