[gnutls-devel] [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)
luto at amacapital.net
Sat Nov 30 00:35:43 CET 2013
On Thu, Nov 28, 2013 at 1:10 AM, Nikos Mavrogiannopoulos
<nmav at redhat.com> wrote:
> On Wed, 2013-11-27 at 17:54 -0600, Nico Williams wrote:
>> All of this is off-topic for this list. I'll post a reply anyways, and
>> I apologize to the list.
>> On Tue, Nov 19, 2013 at 10:24:03PM -0800, Andy Lutomirski wrote:
>> > [...]. gnutls_global_init is documented as being
>> > unsafe if called from multiple threads, which seems silly.
>> Initialization is not thread-safe in OpenSSL either. This is a terrible
>> thing. It *can* be made thread-safe, so there's no excuse for it not
>> being thread-safe.
> I don't understand why this is an issue since it is documented. If a
> function (like a global initialization function) is supposed to create
> the mutexes for the rest of the library functions it cannot be expected
> to be thread safe; at least in a portable way since static
> initialization of mutexes is not a portable thing.
> Nevertheless, even if you really need to call a global initialization
> function in every thread you create (I really don't see why), you can
> simply call it in a locked mutex.
No, I can't. I occasionally use libraries, and those libraries in
turn use GnuTLS. Requiring those libraries to force their users to
synchronize their initialization of GnuTLS sucks.
If GnuTLS really must use global state in a manner that isn't
transparent to its users, it should get the synchronization right.
Any self-respecting pthreads implementation should implement
PTHREAD_MUTEX_INITIALIZER in such a way that it constant-initializes
its data, making it completely safe. An even better solution would be
to use pthread_once.
More information about the Gnutls-devel