[gnutls-devel] [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Dec 1 10:52:06 CET 2013
On Sat, 2013-11-30 at 20:03 -0600, Nico Williams wrote:
> - use a InitOnceInitialize/pthread_once interface to initialize once as needed
> (don't require that the caller initialize the library)
> - use a pthread_atfork() child-side handler to reinitialize all
> global state (all locks, ...), leaking all of it OR to set a flag,
> then abort() if called with this flag set
These are not a bad idea, and p11-kit (the library we use for PKCS #11)
already does that (at least partially as I understand to allow detection
of uninitialized modules - you cannot perform full pkcs11 module
reinitialization in the atfork handler). What is bad though is that we
get complaints that we require pthreads, something that makes some
slower and thread-safe libc algorithms to kick-in for applications that
don't need them. So every solution at this point has a catch.
regards,
Nikos
More information about the Gnutls-devel
mailing list