[gnutls-devel] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)
Andy Lutomirski
luto at amacapital.net
Wed Nov 20 07:24:03 CET 2013

On Tue, Nov 19, 2013 at 9:05 PM, Patrick Pelletier
<code at funwithsoftware.org> wrote:
> On 11/19/13, 11:35 AM, Andy Lutomirski wrote:
>
>> - Support multiple clients in the same process linked against the same
>> library without causing those clients to interfere with each other
>> (hello, GnuTLS).
>
>
> What's the issue that GnuTLS has with this? I'm more familiar with the
> issue OpenSSL has, namely that it requires threading callbacks to be set, so
> each client in the same process is going to be stomping on the same set of
> global callbacks. I'd thought GnuTLS was better about global state, but
> maybe there's something I've missed.
>
GnuTLS has gnutls_pkcs11_init, which is rather impolite -- it
manipulates global state, and it sometimes causes things to
malfunction after forking. gnutls_global_init is documented as being
unsafe if called from multiple threads, which seems silly.

(As an even more off-topic aside, how is there nothing better than
pkcs11 for interfacing with abstract keys?)

> Also, I thought Botan wasn't good on this point either, since it requires a
> LibraryInitializer object to be created, and (I thought) it doesn't support
> more than one LibraryInitializer existing at once.

No clue -- I've never used it.

--Andy
--
Andy Lutomirski
AMA Capital Management, LLC
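
One way a host program can cope with the two problems raised in the message above (a library-wide initializer that is unsafe to call from several threads, and global state that misbehaves after a fork), as an added example that is not part of the original message or of GnuTLS. `backend_init` and `backend_deinit` are hypothetical stand-ins for the real initializer pair, and `shared_acquire`, `shared_release` and `run_clients` are names made up here.

```c
#include <pthread.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-ins for a non-thread-safe global init/deinit pair. */
static int backend_inits, backend_deinits;   /* counters for checking */
static int backend_init(void) { backend_inits++; return 0; }
static void backend_deinit(void) { backend_deinits++; }

static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static unsigned refs;   /* clients currently holding the library */
static pid_t owner;     /* process that ran backend_init() */

/* Every client calls this instead of the raw initializer. */
int shared_acquire(void)
{
    int rc = 0;
    pthread_mutex_lock(&lock);
    if (refs != 0 && owner != getpid())
        refs = 0;           /* forked child: inherited state is stale */
    if (refs == 0 && (rc = backend_init()) == 0)
        owner = getpid();
    if (rc == 0)
        refs++;
    pthread_mutex_unlock(&lock);
    return rc;
}

/* Only the last client to leave tears the global state down. */
void shared_release(void)
{
    pthread_mutex_lock(&lock);
    if (refs != 0 && owner == getpid() && --refs == 0)
        backend_deinit();
    pthread_mutex_unlock(&lock);
}

static void *client(void *arg) { (void)arg; shared_acquire(); return NULL; }
/* Start up to 64 client threads at once; return how often init really ran. */
int run_clients(int n)
{
    pthread_t t[64];
    int started = 0;
    while (started < n && started < 64 &&
           pthread_create(&t[started], NULL, client, NULL) == 0)
        started++;
    while (started > 0)
        pthread_join(t[--started], NULL);
    return backend_inits;
}
```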