httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Darryl Miles <>
Subject Re: Creating a thread safe module and the problem of calling of 'CRYPTO_set_locking_callback' twice!
Date Wed, 06 Dec 2006 13:46:00 GMT
Frank wrote:
> William A. Rowe, Jr. wrote:
>> Nick Kew wrote:
>> [...]
>> An SSL_CTX can't be cross-threaded.  If the scope of use of that CTX is
>> restricted to one thread at a time, then yes, OpenSSL has been threadsafe
>> for a very very long time.
> You mean if I were able to create one SSL_CTX for every thread then I do 
> not have to use the both thread-safe-maker callbacks?

I dont think this is true.  But correct my understanding too if I am 
wrong.  Cross-threaded might confuse someone into thinking there maybe 
some "apartment threading rules" to obey, there isn't.

"An SSL *" can't have a method invoked on the same instance at the same 
time.  So long as you serialize your method calls (SSL_xxxx() family) to 
that same instance; any thread can call that method.  It is unusual to 
need to do so.

But "SSL_CTX *" is the template context specifically designed to be 
shared and used across multiple-threads if needs be, providing you make 
correct use of the 'CRYPTO_set_locking_callback' and 
'CRYPTO_set_id_callback' and friends as part of your application 
initialization.  This allows for (amongst other things) the obviously 
parallel usage of SSL_new(SSL_CTX *) when creating new connections.

Maybe the openssl-users list would be a better place for assistance.


View raw message