[gnutls-dev] Generating/regenerating params
Nikos Mavroyanopoulos
nmav at gnutls.org
Tue Mar 9 19:38:53 CET 2004
On Tue, Mar 09, 2004 at 07:52:15AM -0500, Stephen Frost wrote:
> > > What's the right way to do this? Have multiple threads going and
> > > still periodically regenerate the rsa/dh params without breaking
> > > anything or leaking memory or anything? Is it safe to just init the
> > > rsa/dh params and then just change them with generate2 or import_raw?
> > > Will that break existing connections or other threads which are
> > > setting up their connections? Do I still need to call set_XX_params?
> > Currently there is no easy way to renew that parameters in multithreaded
> > applications. I was thinking into adding functions or callbacks to set those
> > parameters per session. Would this solve your problem?
> I *think* I've stumbled across a reasonable solution for the moment.
> From what I can tell, params are only used during setup/handshake. What
> I've done is basically lock around the setup/handshake routine and just
> generate/reread/cache the params before setup/handshake and then free
> them after. There's currently no function to free the params when
> they're stored inside the credentials structure so I have to track the
> params pointers seperately (not that big a deal since they're only
> needed through one function which does the setup/handshake, but it'd be
> nice if there was way to free *just* the params in the credentials
> struct).
You don't have too free them there, since only a pointer is stored.
I'll update that api in the next gnutls development release, so that
parameters could be obtained on the fly (using a callback or something).
> Do you see any problem with this approach?
It should work.
> BTW: I'm not too inclined to agree with the 'thread-safe' feature claim
> on the webpage. :)
Why is that?
> Stephen
--
Nikos Mavroyanopoulos
More information about the Gnutls-dev
mailing list