[gnutls-devel] [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)

Nico Williams nico at cryptonector.com
Sun Dec 1 03:46:51 CET 2013

On Saturday, November 30, 2013, Andy Lutomirski wrote:

> On Nov 30, 2013 6:03 PM, "Nico Williams" <nico at cryptonector.com<javascript:_e({}, 'cvml', 'nico at cryptonector.com');>>
> wrote:
> > Yes, nothing should fork() and try to use a non-async-signal-safe
> > interface on the child-side of the fork.
> Huh?  It should be entirely safe for a single-threaded program to open a
> TLS connection, close it, fork, and open another connection.
> The async-signal-safe-only thing applies to multithreaded programs only.

A program using a TLS library might be threaded unwittingly.  What if the
TLS library wants to parallelize, say, AES counter mode computation and
starts worker threads for doing it?

In a layered software case (involving complex plugins, say) you quickly
lose control over whether the process is threaded.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20131130/9a9f7527/attachment.html>

More information about the Gnutls-devel mailing list