[gnutls-devel] [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)

Nico Williams nico at cryptonector.com
Sun Dec 1 04:35:37 CET 2013


On Sat, Nov 30, 2013 at 8:50 PM, Andy Lutomirski <luto at amacapital.net> wrote:
> On Nov 30, 2013 6:46 PM, "Nico Williams" <nico at cryptonector.com> wrote:
>> A program using a TLS library might be threaded unwittingly.  What if the
>> TLS library wants to parallelize, say, AES counter mode computation and
>> starts worker threads for doing it?
>
> A library that starts threads for things like that should document it and
> offer a way to turn it off.

It's not just the TLS library.  It's about layered plugin software
architectures.

The app might be threaded and the TLS library not know it.

The app might be single-threaded, but a plugin (e.g., PAM) might use
threads.  Does PAM say not to start threads in plugins?  Once you get
a complex-enough case you lose the ability to know for certain.  It's
best for fork() callers to _exit() or exec*() on the child-side of
fork().  Anyways, I'll settle self-initialization of the library, and
let callers that fork() and don't exec take their chances.

Nico
--
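The hazard behind the advice to _exit() or exec*() on the child side of fork(), as an added example (not code from this thread or from GnuTLS): a thread the caller does not know about holds a lock at fork() time, and the child inherits the locked mutex without the thread that would release it. The names lib_lock, hidden_worker and child_sees_orphaned_lock are hypothetical.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical library-internal lock (e.g. guarding RNG or cache state). */
static pthread_mutex_t lib_lock = PTHREAD_MUTEX_INITIALIZER;
static int ready_pipe[2], release_pipe[2];

/* Stands in for a thread started by a library or plugin behind the app's back. */
static void *hidden_worker(void *arg)
{
    char c = 'r';
    (void)arg;
    pthread_mutex_lock(&lib_lock);
    if (write(ready_pipe[1], &c, 1) != 1) c = 0;   /* tell main we hold the lock */
    if (read(release_pipe[0], &c, 1) != 1) c = 0;  /* hold it until main says so */
    pthread_mutex_unlock(&lib_lock);
    return NULL;
}

/* Returns 1 if the forked child found lib_lock held with no thread left to
 * release it, 0 if the lock was free, -1 on setup failure. */
int child_sees_orphaned_lock(void)
{
    pthread_t t;
    char c = 0;
    int status = 0;
    pid_t pid;

    if (pipe(ready_pipe) || pipe(release_pipe)) return -1;
    if (pthread_create(&t, NULL, hidden_worker, NULL)) return -1;
    if (read(ready_pipe[0], &c, 1) != 1) return -1; /* worker now owns lib_lock */

    pid = fork();
    if (pid == 0) {
        /* Only the forking thread was copied. A blocking lock here would hang
         * forever, so probe with trylock and leave via _exit() immediately. */
        _exit(pthread_mutex_trylock(&lib_lock) == EBUSY ? 1 : 0);
    }
    if (write(release_pipe[1], &c, 1) != 1) return -1; /* let the worker finish */
    pthread_join(t, NULL);
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    printf("child saw orphaned lock: %d\n", child_sees_orphaned_lock());
    return 0;
}
```

Build with `cc -pthread`. The child only probes the lock to make the state visible; a child that goes on to call into the library instead of exec*() or _exit() would block on it.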