calling SSL_library_init multiple times

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

calling SSL_library_init multiple times

Jagannadha Bhattu
Hi,

Can I call SSL_library_init multiple times in my code under different threads? From the documented return values, I conclude that it should be possible. Can some one confirm it?

Thanks
JB

Reply | Threaded
Open this post in threaded view
|

Re: calling SSL_library_init multiple times

Nils Larsch
Jagannadha Bhattu G wrote:
> Hi,
>
> Can I call SSL_library_init multiple times in my code under different
> threads?

as SSL_library_init() initializes global tables it should only
be called from one thread a time and of course no other thread
should use the global data while SSL_library_init() is running.
Ideally it should be run once before the threads using ssl are
created.

> From the documented return values,

it always returns 1 but this doesn't mean it's reentrant

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: calling SSL_library_init multiple times

dsf-2
In reply to this post by Jagannadha Bhattu
> Jagannadha Bhattu G <[hidden email]>:

> Hi,
>
> Can I call SSL_library_init multiple times in my code
under different
> threads? From the documented return values, I
conclude that it should be
> possible. Can some one confirm it?
>
> Thanks
> JB
>


Yes it's possible. I'm doing like this for now... , but
I'm not shure whether this is correct...


//wbr - Andrew
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: calling SSL_library_init multiple times

Jagannadha Bhattu
In reply to this post by Nils Larsch
Thanks Nils and Andrew for the replies.

-JB

On 2/27/06, Nils Larsch <[hidden email]> wrote:
Jagannadha Bhattu G wrote:
> Hi,
>
> Can I call SSL_library_init multiple times in my code under different
> threads?

as SSL_library_init() initializes global tables it should only
be called from one thread a time and of course no other thread
should use the global data while SSL_library_init() is running.
Ideally it should be run once before the threads using ssl are
created.

> From the documented return values,

it always returns 1 but this doesn't mean it's reentrant

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: calling SSL_library_init multiple times

Randy Turner
In reply to this post by Jagannadha Bhattu

The first sentence of the explanation below seems to infer that its ok to call ssl_library_init() from each thread that might want to access the SSL library.

 

I don’t think that’s what was intended.

 

I think the last sentence is more accurate – if you have a multi-threaded application, and you’ve “hooked” the static and dynamic mutex functions to allow OpenSSL to correctly operate in a multi-threaded environment, then SSL_library_init() should only be called once, during application initialization. This single call will initialize the library for all threads. This is my interpretation of from what I have gleaned from the docs and sources.

 

Randy

 


From: [hidden email] [mailto:[hidden email]] On Behalf Of Jagannadha Bhattu G
Sent: Tuesday, February 28, 2006 1:42 AM
To: [hidden email]
Subject: Re: calling SSL_library_init multiple times

 

Thanks Nils and Andrew for the replies.

-JB

On 2/27/06, Nils Larsch <[hidden email]> wrote:

Jagannadha Bhattu G wrote:
> Hi,
>
> Can I call SSL_library_init multiple times in my code under different
> threads?

as SSL_library_init() initializes global tables it should only
be called from one thread a time and of course no other thread
should use the global data while SSL_library_init() is running.
Ideally it should be run once before the threads using ssl are
created.

> From the documented return values,

it always returns 1 but this doesn't mean it's reentrant

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

 

Reply | Threaded
Open this post in threaded view
|

Extract Issuer / Subject from X509 certificate

Ambarish Mitra
Dear all,
 
I have an application, which reads a presented certificate in stream. For example, the following is the input:
 
 
-----BEGIN CERTIFICATE-----MIIFUjCC. .. .. .Fk71GQ==-----END CERTIFICATE-----
 
 
Given such an input, I have to extract the subject and the issuer (and possibly serial number). Is there any API for this? If anyone can at least give me the initial first steps, it will be helpful.
 
 
Best regards,
Ambarish.
Reply | Threaded
Open this post in threaded view
|

Re: Extract Issuer / Subject from X509 certificate

Kyle Hamilton
The stream is supposed to contain linefeeds.  Otherwise, this is
called "PEM-encoded DER" format, and the PEM functions will work to
get the data quite nicely.

-Kyle H

On 3/1/06, Ambarish Mitra <[hidden email]> wrote:

>
> Dear all,
>
> I have an application, which reads a presented certificate in stream. For
> example, the following is the input:
>
>
> -----BEGIN CERTIFICATE-----MIIFUjCC. .. .. .Fk71GQ==-----END
> CERTIFICATE-----
>
>
> Given such an input, I have to extract the subject and the issuer (and
> possibly serial number). Is there any API for this? If anyone can at least
> give me the initial first steps, it will be helpful.
>
>
> Best regards,
>
> Ambarish.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Extract Issuer / Subject from X509 certificate

Brian Candler
In reply to this post by Ambarish Mitra
On Wed, Mar 01, 2006 at 05:38:36PM +0530, Ambarish Mitra wrote:
>    Given such an input, I have to extract the subject and the issuer (and
>    possibly serial number). Is there any API for this? If anyone can at
>    least give me the initial first steps, it will be helpful.

Try using the openssl command line tool first:

    openssl x509 -in foo.pem -noout -subject -issuer -serial

If that works for you, then you can use the source code of the x509 tool
itself as your guide to using the openssl API. Or if you're really lazy, you
can shell out to 'openssl' and parse the response you get back.

HTH,

Brian.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Extract Issuer / Subject from X509 certificate

Ambarish Mitra

The "openssl" command line tool works fine. However, I have to use this in a
C program. Therefore I was asking the API function name which can extract
these information from within the C code.



-----Original Message-----
From: Brian Candler [mailto:[hidden email]]
Sent: Wednesday, March 01, 2006 6:02 PM
To: Ambarish Mitra
Cc: [hidden email]
Subject: Re: Extract Issuer / Subject from X509 certificate


On Wed, Mar 01, 2006 at 05:38:36PM +0530, Ambarish Mitra wrote:
>    Given such an input, I have to extract the subject and the issuer (and
>    possibly serial number). Is there any API for this? If anyone can at
>    least give me the initial first steps, it will be helpful.

Try using the openssl command line tool first:

    openssl x509 -in foo.pem -noout -subject -issuer -serial

If that works for you, then you can use the source code of the x509 tool
itself as your guide to using the openssl API. Or if you're really lazy, you
can shell out to 'openssl' and parse the response you get back.

HTH,

Brian.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Extract Issuer / Subject from X509 certificate

Brian Candler
On Wed, Mar 01, 2006 at 06:06:22PM +0530, Ambarish Mitra wrote:
> The "openssl" command line tool works fine. However, I have to use this in a
> C program. Therefore I was asking the API function name which can extract
> these information from within the C code.

$ cd openssl-0.9.8a/apps
$ less x509.c
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: calling SSL_library_init multiple times

Jagannadha Bhattu
In reply to this post by Randy Turner
Hi Randy,

Thanks for the effort and the reply. I have changed the design of my library interface to the applications to include a init call so that I do not need to worry about this.

Warm regards
JB

On 2/28/06, Randy Turner <[hidden email]> wrote:

The first sentence of the explanation below seems to infer that its ok to call ssl_library_init() from each thread that might want to access the SSL library.

 

I don't think that's what was intended.

 

I think the last sentence is more accurate – if you have a multi-threaded application, and you've "hooked" the static and dynamic mutex functions to allow OpenSSL to correctly operate in a multi-threaded environment, then SSL_library_init() should only be called once, during application initialization. This single call will initialize the library for all threads. This is my interpretation of from what I have gleaned from the docs and sources.

 

Randy

 


From: [hidden email] [mailto:[hidden email]] On Behalf Of Jagannadha Bhattu G
Sent: Tuesday, February 28, 2006 1:42 AM
To: [hidden email]
Subject: Re: calling SSL_library_init multiple times

 

Thanks Nils and Andrew for the replies.

-JB

On 2/27/06, Nils Larsch <[hidden email]> wrote:

Jagannadha Bhattu G wrote:
> Hi,
>
> Can I call SSL_library_init multiple times in my code under different
> threads?

as SSL_library_init() initializes global tables it should only
be called from one thread a time and of course no other thread
should use the global data while SSL_library_init() is running.
Ideally it should be run once before the threads using ssl are
created.

> From the documented return values,

it always returns 1 but this doesn't mean it's reentrant

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 <a href="http://www.openssl.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]