[gnutls-devel] [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)
Nikos Mavrogiannopoulos
nmav at redhat.com
Thu Nov 28 10:10:30 CET 2013
On Wed, 2013-11-27 at 17:54 -0600, Nico Williams wrote:
> All of this is off-topic for this list. I'll post a reply anyways, and
> I apologize to the list.
>
> On Tue, Nov 19, 2013 at 10:24:03PM -0800, Andy Lutomirski wrote:
> > [...]. gnutls_global_init is documented as being
> > unsafe if called from multiple threads, which seems silly.
> Initialization is not thread-safe in OpenSSL either. This is a terrible
> thing. It *can* be made thread-safe, so there's no excuse for it not
> being thread-safe.
Hello,
I don't understand why this is an issue since it is documented. If a
function (like a global initialization function) is supposed to create
the mutexes for the rest of the library functions it cannot be expected
to be thread safe; at least in a portable way since static
initialization of mutexes is not a portable thing.
Nevertheless, even if you really need to call a global initialization
function in every thread you create (I really don't see why), you can
simply call it in a locked mutex.
> > GnuTLS has gnutls_pkcs11_init, which is rather impolite -- it
> > manipulates global state, and it sometimes causes things to
> > malfunction after forking. [...]
> PKCS#11 is by definition fork-unsafe (see the PKCS#11 docs).
It requires some reinitialization on every fork. Again if that is
documented it can be made to work. I agree, it is a PITA to handle
though.
regards,
Nikos
More information about the Gnutls-devel
mailing list