forking new process when calling gnutls_global_init() function

Haidar Habib h.habib at gmail.com
Wed Feb 20 14:38:49 CET 2008


Hi Werner,

> The processes are all supposed to be short-lived - they should not stay
> for a long time.  If they do, this is a bug in that utility or we call it
> with options which make it run too long.

The process is not short-lived, i.e. it remains as long as the original
process which created it is alive.



> To help you I need to know the name or the program used to exec that
> process.  It would also be helpful if you can tell us a bit more verbose
> what your problem is and describe the environment.  For example what
> created the output you posted, etc.

Let's say our process name is dfn_tls. When we run this process and then
do ps -aef we get the following output.

  haidar 24069 24068  0 17:53:54 ttyp1     0:00 ./dfn_tls clientDfn.cfg
  haidar 24068 23117  0 17:53:51 ttyp1     0:04 ./dfn_tls clientDfn.cfg

Here PID 24068 is our original process and 24068 is the child process
created by 24068.

Following is the code snippet where some gnutls and gcrypt functions
have been called.
After debugging we have seen that whenever gnutls_global_init() is
called the new process is spawned.

We are using HP-UX JOSH B.11.11 U 9000/785 3695850352 unlimited-user
license machine.

If I kill process 24068 then also our process is running fine with
intact TLS functionality.

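#include <iostream>
#include <string>
#include <gcrypt.h>
#include <gnutls/gnutls.h>

using namespace std;

/* _cert_cred (a gnutls_certificate_credentials_t) and gcry_threads_pthread
   (defined by GCRY_THREAD_OPTION_PTHREAD_IMPL) are assumed to be declared
   elsewhere in the program. */

void init(string cafile, string certfile, string keyfile)
{
   int ret;

   /* Register the pthread callbacks with libgcrypt */
   gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);

   /* The new process appears when this call is made */
   if ((ret = gnutls_global_init()) < 0)
   {
	cout<<"TLS initialization error. "<<gnutls_strerror(ret);
   }

   /* Allocate the credentials structure */
   if ((ret = gnutls_certificate_allocate_credentials(&_cert_cred)) < 0)
   {
	cout<<"TLS memory error."<<gnutls_strerror(ret);
   }

   /* Now add all security files in TLS */
   /* CA file */
   if (cafile != "null")
   {
	/* Store the return value so gnutls_strerror() reports this call's error */
	if ((ret = gnutls_certificate_set_x509_trust_file(_cert_cred,
			cafile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
	{
		cout<<"Error reading :"<< cafile;
		cout<<""<<gnutls_strerror(ret);
	}
   }

   /* Certificate and private key */
   if (certfile != "null")
   {
	if ((ret = gnutls_certificate_set_x509_key_file(_cert_cred,
			certfile.c_str(), keyfile.c_str(), GNUTLS_X509_FMT_PEM)) < 0)
	{
		cout<<"Error reading, certificate file,"<< certfile;
		cout<<"with key file,"<< keyfile;
		cout<<""<<gnutls_strerror(ret);
	}
   }
}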


Regards,
Haidar


On Feb 20, 2008 12:05 AM, Werner Koch <wk at gnupg.org> wrote:
> On Tue, 19 Feb 2008 14:05, h.habib at gmail.com said:
>
> > So one way of avoiding this is to kill the new process which has been created.
> > Can you pls let us know will there be any problem if we kill the new
> > process which is created.
>
> The processes are all supposed to be short-lived - they should not stay
> for a long time.  If they do, this is a bug in that utility or we call it
> with options which make it run too long.
>
> To help you I need to know the name or the program used to exec that
> process.  It would also be helpful if you can tell us a bit more verbose
> what your problem is and describe the environment.  For example what
> created the output you posted, etc.
>
> If you don't want to send this to a public mailing list, you may
> consider to hire a consultant (cf. http://www.gnupg.org/service.html).
>
>
> Shalom-Salam,
>
>
>   Werner
>
>
> --
> Thoughts are free.  Exceptions are regulated by a federal law.
>
>



-- 
With regards,
Md. Haidar Habib
Senior Software Engineer
haidar.habib at aricent.com
Aricent
Gurgaon
Cell- 09350042332
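
One way to confirm from inside the program which call leaves a child process behind, as in the report above: probe for children with waitpid(-1, WNOHANG) before and after the call. This is an added example, not code from the original post or from GnuTLS or libgcrypt; init_quiet and init_spawns_helper are hypothetical stand-ins for the real initialization call.

```cpp
#include <sys/wait.h>
#include <unistd.h>
#include <signal.h>
#include <cerrno>
#include <cstdio>

enum ChildState { NO_CHILDREN, LIVE_CHILD, REAPED_CHILD, PROBE_ERROR };

// Non-blocking query of the caller's children. Side effect: a child that has
// already exited (a zombie) is reaped by this call.
static ChildState probe_children() {
    int status;
    pid_t r = waitpid(-1, &status, WNOHANG);
    if (r == 0) return LIVE_CHILD;      // at least one child exists, none has exited
    if (r > 0) return REAPED_CHILD;     // a child had already exited
    return errno == ECHILD ? NO_CHILDREN : PROBE_ERROR;
}

// Call init() and report the child state right after it returns.
// Only meaningful when the process has no children beforehand.
static ChildState children_after(void (*init)()) {
    if (probe_children() != NO_CHILDREN) return PROBE_ERROR;
    init();
    return probe_children();
}

// Hypothetical stand-ins; in a real program pass a wrapper around the call under test.
static pid_t g_helper = -1;
static void init_quiet() {}
static void init_spawns_helper() {
    int fds[2];
    if (pipe(fds) != 0) return;
    g_helper = fork();
    if (g_helper == 0) {                // child: lives until the parent's pipe end closes
        close(fds[1]);
        char c;
        while (read(fds[0], &c, 1) > 0) {}
        _exit(0);
    }
    close(fds[0]);                      // parent keeps fds[1] open for its lifetime
}

int main() {
    ChildState quiet = children_after(init_quiet);
    ChildState spawn = children_after(init_spawns_helper);
    std::printf("quiet=%d spawning=%d helper_pid=%ld\n", quiet, spawn, (long)g_helper);
    if (g_helper > 0) { kill(g_helper, SIGKILL); waitpid(g_helper, 0, 0); }
}
```

A result of REAPED_CHILD after the call means a helper was started but had already exited, which is the short-lived behaviour described in the quoted reply; LIVE_CHILD matches the lingering process in the ps output.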



More information about the Gcrypt-devel mailing list