Frank wrote:
William A. Rowe, Jr. wrote:
Nick Kew wrote:
[...]
An SSL_CTX can't be cross-threaded. If the scope of use of that CTX is
restricted to one thread at a time, then yes, OpenSSL has been threadsafe
for a very very long time.
You mean if I were able to create one SSL_CTX for every thread then I do
not have to use the both thread-safe-maker callbacks?
I dont think this is true. But correct my understanding too if I am
wrong. Cross-threaded might confuse someone into thinking there maybe
some "apartment threading rules" to obey, there isn't.
"An SSL *" can't have a method invoked on the same instance at the same
time. So long as you serialize your method calls (SSL_xxxx() family) to
that same instance; any thread can call that method. It is unusual to
need to do so.
But "SSL_CTX *" is the template context specifically designed to be
shared and used across multiple-threads if needs be, providing you make
correct use of the 'CRYPTO_set_locking_callback' and
'CRYPTO_set_id_callback' and friends as part of your application
initialization. This allows for (amongst other things) the obviously
parallel usage of SSL_new(SSL_CTX *) when creating new connections.
Maybe the openssl-users list would be a better place for assistance.
Darryl
