[gnutls-dev] Generating/regenerating params

Nikos Mavroyanopoulos nmav at gnutls.org
Tue Mar 9 19:38:53 CET 2004


On Tue, Mar 09, 2004 at 07:52:15AM -0500, Stephen Frost wrote:

> > >   What's the right way to do this?  Have multiple threads going and
> > >   still periodically regenerate the rsa/dh params without breaking
> > >   anything or leaking memory or anything?  Is it safe to just init the
> > >   rsa/dh params and then just change them with generate2 or import_raw?
> > >   Will that break existing connections or other threads which are
> > >   setting up their connections?  Do I still need to call set_XX_params?
> > Currently there is no easy way to renew those parameters in multithreaded
> > applications. I was thinking of adding functions or callbacks to set those
> > parameters per session. Would this solve your problem?
> I *think* I've stumbled across a reasonable solution for the moment.
> From what I can tell, params are only used during setup/handshake.  What
> I've done is basically lock around the setup/handshake routine and just
> generate/reread/cache the params before setup/handshake and then free
> them after.  There's currently no function to free the params when
> they're stored inside the credentials structure so I have to track the
> params pointers separately (not that big a deal since they're only
> needed through one function which does the setup/handshake, but it'd be
> nice if there was a way to free *just* the params in the credentials
> struct).
You don't have to free them there, since only a pointer is stored.
I'll update that api in the next gnutls development release, so that
parameters could be obtained on the fly (using a callback or something).

> Do you see any problem with this approach?
It should work.

> BTW: I'm not too inclined to agree with the 'thread-safe' feature claim
> on the webpage. :)
Why is that?

> 	Stephen

-- 
Nikos Mavroyanopoulos
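
The approach discussed in this thread (lock around setup/handshake, load the params before it, free them after it), as an added example that is not part of the original messages and is not GnuTLS code. `dh_params`, `credentials`, `params_load` and `handshake` are hypothetical stand-ins for the library's types and calls; the point shown is that the shared credentials structure holds only a pointer, so the load, the handshake and the free must all sit under the same lock.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical stand-ins, not GnuTLS types: cred stores only a pointer. */
typedef struct { unsigned generation; } dh_params;
typedef struct { const dh_params *dh; } credentials;

static pthread_mutex_t setup_lock = PTHREAD_MUTEX_INITIALIZER;
static credentials shared_cred;      /* shared by all threads */
static unsigned next_generation = 1; /* guarded by setup_lock */
static unsigned live_params;         /* allocated, not yet freed */

/* Stand-ins for loading (generating or re-reading) params and for the
   handshake, which is the only reader of c->dh. */
static dh_params *params_load(void) {
    dh_params *p = malloc(sizeof *p);
    if (p) { p->generation = next_generation++; live_params++; }
    return p;
}
static unsigned handshake(const credentials *c) { return c->dh ? c->dh->generation : 0; }

/* Load, handshake and free under one lock; returns 0 on failure. */
unsigned locked_setup(void) {
    unsigned used = 0;
    pthread_mutex_lock(&setup_lock);
    dh_params *p = params_load();
    if (p) {
        shared_cred.dh = p;
        used = handshake(&shared_cred);
        shared_cred.dh = NULL;       /* no dangling pointer after free */
        free(p); live_params--;
    }
    pthread_mutex_unlock(&setup_lock);
    return used;
}

static void *worker(void *failed) {
    for (int i = 0; i < 1000; i++)
        if (locked_setup() == 0) *(int *)failed = 1;
    return NULL;
}

/* Returns 0 if all handshakes in 4 threads saw live params, none leaked. */
int run_workers(void) {
    pthread_t t[4];
    int failed[4] = {0}, bad = 0, n = 0;
    while (n < 4 && !pthread_create(&t[n], NULL, worker, &failed[n])) n++;
    for (int i = 0; i < n; i++) { pthread_join(t[i], NULL); bad |= failed[i]; }
    return (n < 4 || bad || live_params) ? 1 : 0;
}
int main(void) { return run_workers(); }
```

Every handshake is serialized by `setup_lock`, which is the cost of this approach.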


