On Fri, Dec 08, 2006 at 01:26:53AM +0200, Alon Bar-Lev wrote: > On 12/8/06, Joe Orton <[EMAIL PROTECTED]> wrote: > >You say the KDE QCA code can be used as a library. So in that case: > >what happens when both QCA code and some other pkcs11h_*-using code are > >linked into the same process, and both register a token prompt hook? > > > >There can only be one callback registered for the process so it can't be > >handled by both the QCA code and any other user, right? > > True. > And what happens if I register OpenSSL locking hooks, modify its > engines unloading alogirthmim while using neon?
You discover why process-global state in the OpenSSL libraries is bad? :) > Or application that uses pkcs11-helper, and decides to access the > PKCS#11 provider directly? > > Or using operating system to read/write files and access directly to > /dev/sda? Right! These are exactly the same class of problem - a hardware resource for which you need to arbitrate shared access. The solution is always the same: you invent an abstraction layer and arbitrate access through an intermediary. "the filesystem" is the abstraction used to share access to disks, the OS arbitrates as the intermediary. "the X Window System" is an abstraction used to arbitrate access to the display+IO devices: a daemon (the X server) acts as the intermediary and apps talk to that daemon via a library over a socket. That's exactly analogous to the idea I talked about by no coincidence. Regards, joe _______________________________________________ neon mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/neon
