[gnutls-devel] [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)
luto at amacapital.net
Sun Dec 1 03:50:56 CET 2013
On Nov 30, 2013 6:46 PM, "Nico Williams" <nico at cryptonector.com> wrote:
> On Saturday, November 30, 2013, Andy Lutomirski wrote:
>> On Nov 30, 2013 6:03 PM, "Nico Williams" <nico at cryptonector.com> wrote:
>> > Yes, nothing should fork() and try to use a non-async-signal-safe
>> > interface on the child-side of the fork.
>> Huh? It should be entirely safe for a single-threaded program to open a
TLS connection, close it, fork, and open another connection.
>> The async-signal-safe-only thing applies to multithreaded programs only.
> A program using a TLS library might be threaded unwittingly. What if the
TLS library wants to parallelize, say, AES counter mode computation and
starts worker threads for doing it?
A library that starts threads for things like that should document it and
offer a way to turn it off.
This is especially true for CTR mode stuff. The last thing a heavily
threaded, multiple connection program wants is for its TLS library to start
> In a layered software case (involving complex plugins, say) you quickly
lose control over whether the process is threaded.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel