Threading OpenSSL

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Threading OpenSSL

Dusty Hendrickson
I am currently working on a project making use of SSL
connections via OpenSSL.  We need a stable thread-safe
SSL setup.  I currently know 3 things about OpenSSL
thread-safety:

1. Cannot share SSL connection amongst threads
2. Provide locking_function()
3. Provide id_function()

I am interested in hearing about any scenarios where
SSL cannot be threaded, or any further steps to take
to make it thread-safe.  Any feedback would be
appreciated.  Thanks

Dusty
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Threading OpenSSL

Cesc Santa
Hi,

I would say openssl is not thread-safe per se, but you can deal with it.
Write wrappers around the malloc/free functions to use shared memory,
to share objects among threads. Write thread-safe functions around the
ssl functions you need to access from multiple threads ...
For example code, openser.org comes to mind. In this sip proxy, tls
connections are used among various threads to send data ... take a
look, it may help.

Regards,

Cesc

On 8/28/05, Dusty Hendrickson <[hidden email]> wrote:

> I am currently working on a project making use of SSL
> connections via OpenSSL.  We need a stable thread-safe
> SSL setup.  I currently know 3 things about OpenSSL
> thread-safety:
>
> 1. Cannot share SSL connection amongst threads
> 2. Provide locking_function()
> 3. Provide id_function()
>
> I am interested in hearing about any scenarios where
> SSL cannot be threaded, or any further steps to take
> to make it thread-safe.  Any feedback would be
> appreciated.  Thanks
>
> Dusty
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Threading OpenSSL

Rich Salz
> Write wrappers around the malloc/free functions to use shared memory,
> to share objects among threads.

Hunh?

The whole point of threads is that they share the same address space, so
you don't need shared memory.  You might/do need locking, depending on
what you're doing.


        /r$
--
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Threading OpenSSL

JoelKatz
In reply to this post by Dusty Hendrickson

> I am currently working on a project making use of SSL
> connections via OpenSSL.  We need a stable thread-safe
> SSL setup.  I currently know 3 things about OpenSSL
> thread-safety:
>
> 1. Cannot share SSL connection amongst threads
> 2. Provide locking_function()
> 3. Provide id_function()

        You can share SSL connections amongst threads. You just can’t have two
threads access the same SSL connection at the same time. With a normal TCP
connection, you can call ‘read’ and ‘write’ at the same time from two
different threads. With an SSL connection, you cannot. Otherwise, SSL
connections are thread safe in the sense that you don’t have to always
access them from the same thread.

        DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]