[gnutls-devel] [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)

Andy Lutomirski luto at amacapital.net
Sun Dec 1 03:50:56 CET 2013


On Nov 30, 2013 6:46 PM, "Nico Williams" <nico at cryptonector.com> wrote:
>
>
> On Saturday, November 30, 2013, Andy Lutomirski wrote:
>>
>> On Nov 30, 2013 6:03 PM, "Nico Williams" <nico at cryptonector.com> wrote:
>> > Yes, nothing should fork() and try to use a non-async-signal-safe
>> > interface on the child-side of the fork.
>>
>> Huh?  It should be entirely safe for a single-threaded program to open a
>> TLS connection, close it, fork, and open another connection.
>>
>> The async-signal-safe-only thing applies to multithreaded programs only.
>
>
> A program using a TLS library might be threaded unwittingly.  What if the
> TLS library wants to parallelize, say, AES counter mode computation and
> starts worker threads for doing it?

A library that starts threads for things like that should document it and
offer a way to turn it off.

This is especially true for CTR mode stuff.  The last thing a heavily
threaded, multiple connection program wants is for its TLS library to start
threads.

--Andy

>
> In a layered software case (involving complex plugins, say) you quickly
> lose control over whether the process is threaded.
>
> Nico
> --
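
The hazard this exchange turns on, as an added example that is not part of the thread and not code from any TLS library: a process forks while a worker thread it may not know about holds a lock, and the child inherits the lock in its locked state without the thread that would release it. The names `lib_lock`, `worker` and `child_can_lock` are hypothetical, and the code assumes POSIX threads and semaphores.

```c
#include <pthread.h>
#include <semaphore.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a lock that lives inside a library. */
static pthread_mutex_t lib_lock = PTHREAD_MUTEX_INITIALIZER;
static sem_t held, release;

/* Plays the part of a worker thread started behind the application's back. */
static void *worker(void *arg) {
    (void)arg;
    pthread_mutex_lock(&lib_lock);
    sem_post(&held);      /* tell the main thread the lock is now held */
    sem_wait(&release);   /* keep holding it across the fork() */
    pthread_mutex_unlock(&lib_lock);
    return NULL;
}

/* Forks and reports what the child saw: 1 = lock usable, 0 = lock stuck, -1 = error. */
int child_can_lock(int with_worker) {
    pthread_t t;
    int status;
    if (sem_init(&held, 0, 0) != 0 || sem_init(&release, 0, 0) != 0) return -1;
    if (with_worker) {
        if (pthread_create(&t, NULL, worker, NULL) != 0) return -1;
        sem_wait(&held);  /* fork only once the worker owns lib_lock */
    }
    pid_t pid = fork();
    if (pid == 0) {
        /* Child: only the forking thread was copied. The worker that owns
           lib_lock does not exist here, so nobody will ever unlock it.
           trylock is used so the demo reports the state instead of hanging. */
        _exit(pthread_mutex_trylock(&lib_lock) == 0 ? 0 : 1);
    }
    if (with_worker) {    /* parent: let the worker finish and collect it */
        sem_post(&release);
        pthread_join(t, NULL);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return -1;
    sem_destroy(&held);
    sem_destroy(&release);
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) {
    printf("single-threaded parent: child can lock = %d\n", child_can_lock(0));
    printf("worker holds lock:      child can lock = %d\n", child_can_lock(1));
    return 0;
}
```

Build with `cc -pthread`. A blocking `pthread_mutex_lock` in the child of the second case would never return, which is the deadlock the async-signal-safe rule exists to prevent.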