[gnutls-devel] [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Nov 30 09:58:52 CET 2013


On Fri, 2013-11-29 at 18:03 -0600, Nico Williams wrote:

> > What do you mean it breaks fork? So far we had no issues with gnutls
> > and fork (and I use it on several projects like that). There could be
> > a bug, but I cannot find anything you reported on that.
> 
> It is not safe to use PKCS#11 on the child-side of fork() without
> first either a) calling C_Initialize() to re-initialize PKCS#11, or b)
> exec*() first.  Now, children of fork() are supposed to only call
> async-signal-safe functions, therefore PKCS#11 is out on the
> child-side of fork() anyways, but, the PKCS#11 docs also specifically
> describe PKCS#11 as fork-unsafe.

I was referring to his issue. As far as I understood he didn't use PKCS
#11 at all, so there should be no breakage. When one uses PKCS #11 in
gnutls he is (currently) required to call gnutls_pkcs11_reinit() on a
fork.

regards,
Nikos
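
The fork rule discussed in this message, as an added example (not code from the post or from GnuTLS): a mock module records the PID that initialized it and refuses to run on state inherited through fork() until the child re-initializes. The names `mod_init`, `mod_use` and `use_in_child` are hypothetical; `mod_init` stands in for C_Initialize() or gnutls_pkcs11_reinit().

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mock of a fork-unsafe module (hypothetical, not a real PKCS#11 provider):
 * its state is only valid in the process that initialized it. */
enum { MOD_OK = 0, MOD_NOT_INITIALIZED = 1 };
static pid_t init_pid = 0;              /* 0 means "never initialized" */

/* Stands in for C_Initialize() / gnutls_pkcs11_reinit(). */
static int mod_init(void)
{
    init_pid = getpid();
    return MOD_OK;
}

/* Every operation checks that the state belongs to the calling process. */
static int mod_use(void)
{
    return (init_pid == getpid()) ? MOD_OK : MOD_NOT_INITIALIZED;
}

/* Fork, optionally re-initialize in the child, then use the module there.
 * Returns the child's mod_use() result, or -1 if fork/wait failed. */
static int use_in_child(int reinit_first)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (reinit_first)
            mod_init();
        _exit(mod_use());               /* _exit: do not flush the parent's stdio */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    mod_init();
    printf("parent use:           %d\n", mod_use());
    printf("child without reinit: %d\n", use_in_child(0));
    printf("child with reinit:    %d\n", use_in_child(1));
    return 0;
}
```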




