[gnutls-devel] [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Dec 1 10:52:06 CET 2013

On Sat, 2013-11-30 at 20:03 -0600, Nico Williams wrote:

>  - use an InitOnceInitialize/pthread_once interface to initialize once as needed
>    (don't require that the caller initialize the library)
>  - use a pthread_atfork() child-side handler to reinitialize all
> global state (all locks, ...), leaking all of it OR to set a flag,
> then abort() if called with this flag set

These are not a bad idea, and p11-kit (the library we use for PKCS #11)
already does that (at least partially, as I understand, to allow detection
of uninitialized modules - you cannot perform full pkcs11 module
reinitialization in the atfork handler). What is bad though is that we
get complaints that we require pthreads, something that makes some
slower and thread-safe libc algorithms kick in for applications that
don't need them. So every solution at this point has a catch.
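
The following sketch is an added example, not part of the original message and not GnuTLS or p11-kit code. It shows the "set a flag, then abort()" variant of the quoted proposal: lazy initialization through pthread_once plus a child-side pthread_atfork() handler. All names (lib_operation, lib_forked, child_signal_after_fork) are hypothetical.

```c
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

static pthread_once_t lib_once = PTHREAD_ONCE_INIT;
static volatile sig_atomic_t lib_forked; /* set only in a fork() child */
static int lib_init_count;               /* stands in for real global state */

static void lib_atfork_child(void) { lib_forked = 1; }

static void lib_do_init(void)
{
    lib_init_count++; /* a real library would create its locks etc. here */
    if (pthread_atfork(NULL, NULL, lib_atfork_child) != 0)
        abort();
}

/* Hypothetical entry point: lazy init, then refuse state inherited via fork(). */
int lib_operation(void)
{
    pthread_once(&lib_once, lib_do_init);
    if (lib_forked)
        abort();
    return lib_init_count; /* how many times initialization has run */
}

/* Fork, use the library in the child, return the signal that killed it (0 if none). */
int child_signal_after_fork(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        lib_operation(); /* flag was set by the atfork handler: aborts */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("init runs: %d\n", lib_operation());
    printf("child signal: %d\n", child_signal_after_fork());
    return 0;
}
```

On older glibc versions this needs to be built with -pthread, which is the dependency the reply above describes as the catch.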

