[gnutls-devel] [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)

Nico Williams nico at cryptonector.com
Sun Dec 1 03:07:35 CET 2013

On Sat, Nov 30, 2013 at 3:03 AM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On Fri, 2013-11-29 at 15:46 -0800, Andy Lutomirski wrote:
>> In any case, getting this right on pthreads systems would be a major
>> improvement over getting it wrong everywhere.
> Right or wrong is in the eye of the beholder. A documented behavior is a
> documented behavior (rather than right or wrong), and calling
> gnutls_global_init() on each and every thread is not only unsafe but a
> waste of resources.

No, in this case it's clear that not self-initializing automatically is "wrong".

Again, the canonical example is something like PAM, or the name
service switch -- plugin interfaces where more than one plugin might
want to use your utility library: a TLS library in this case, and TLS
being as ubiquitous as it is, this example does in fact come up.  This
is an aspect of DLL Hell.  You can make DLL Hell less painful by
removing the race to initialize, either by making it safe to race to
initialize, or by removing the need to initialize.  Since you can
remove the need to initialize (on every modern OS, on every modern
architecture), and since that simplifies your API *and* your docs,
that's clearly the way to go.

> Indeed, I can fix the unsafe part with static initializers, and I'll try
> to, but that will not fix the waste of resources.

What waste of resources?
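
Added example, not part of the original message and not GnuTLS code: a minimal C sketch of "removing the need to initialize", where a library runs its global setup through pthread_once() on first use so that independently written plugins cannot race to initialize it. The tlsutil_* names, the plugin threads and NPLUGINS are hypothetical.

```c
/* Added example: hypothetical library "tlsutil" that self-initializes. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define NPLUGINS 8

static pthread_once_t tlsutil_once = PTHREAD_ONCE_INIT;
static atomic_int tlsutil_init_runs;  /* how many times the init body ran */
static int tlsutil_ready;             /* written only inside the once-routine */

/* Expensive global setup (RNG seeding, algorithm tables, ...) would go here. */
static void tlsutil_do_init(void)
{
    atomic_fetch_add(&tlsutil_init_runs, 1);
    tlsutil_ready = 1;
}

/* Public entry point: initializes on first use, so no init call is exported. */
int tlsutil_session_open(void)
{
    pthread_once(&tlsutil_once, tlsutil_do_init);
    return tlsutil_ready ? 0 : -1;
}

/* Each thread stands in for an unrelated plugin (PAM module, NSS backend). */
static void *plugin_thread(void *arg)
{
    *(int *)arg = tlsutil_session_open();
    return NULL;
}

/* Race NPLUGINS plugins; return the init-body run count, or -1 on failure. */
int race_plugins(void)
{
    pthread_t t[NPLUGINS];
    int rc[NPLUGINS], started = 0, failed = 0;
    while (started < NPLUGINS &&
           pthread_create(&t[started], NULL, plugin_thread, &rc[started]) == 0)
        started++;
    for (int i = 0; i < started; i++) {
        pthread_join(t[i], NULL);
        failed |= (rc[i] != 0);
    }
    if (started < NPLUGINS || failed) return -1;
    return atomic_load(&tlsutil_init_runs);
}

int main(void) { printf("init body ran %d time(s)\n", race_plugins()); return 0; }
```

Build with -pthread. A second round of racing callers still reports one run of the init body, since later calls to pthread_once() return without invoking it again.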

