From: Gleb Esman <[EMAIL PROTECTED]>

A few comments:

gesman>     // This is each thread's code..
gesman>        {
gesman>        // SSL initialization code.
gesman>        SSLeay_add_ssl_algorithms  ();                   <---*****(1)
gesman>        pSslMethod = SSLv2_client_method ();             <---*****(2)
gesman>        SSL_load_error_strings     ();                   <---*****(1)
gesman>        pSslContext = SSL_CTX_new  (pSslMethod);  // NULL:error<-*(2)


(1) These are really only meant to be used ONCE for the whole
    application.  The SSL algorithm table and the error message table
    are global.  But yes, locking is done inside those loaders, and I
    don't think (although I haven't checked more than reading the
    source for now) it does more than replace the entries with the
    same error code over and over...
(2) Create one context per thread?  A little overkill, no?  You
    normally need only one SSL context for each kind of connection you
    will do or accept...

gesman>        // Cleanup and exit.
gesman>        if (pSsl) SSL_shutdown (pSsl);
gesman> 
gesman>        iRetCode = shutdown (sSocket, SD_BOTH);
gesman>        closesocket (sSocket);
gesman>        if (pSsl)         SSL_free       (pSsl);

THAT sequence gives me the creeps.  You see, the fd's you
declared earlier with SSL_set_fd() got "registered" in the SSL
structure through a couple of BIOs.  SSL_free() will do a
BIO_free_all() on those, and BIO_free_all() will most definitely try
to close the socket...  that you already closed and shut down and
everything.  I can understand the need to do a shutdown() and
closesocket() yourself, but in that case you have to tell the BIOs
that they should not close the fd, like this:

        BIO_set_close(SSL_get_rbio(pSsl), BIO_NOCLOSE);
        BIO_set_close(SSL_get_wbio(pSsl), BIO_NOCLOSE);

At least, that's what I understand of the whole thing (I've got pretty
slim knowledge of the SSL part of OpenSSL, but am learning fast right
now...).

gesman>        if (pSslContext)  SSL_CTX_free   (pSslContext);

That wouldn't be needed if you stayed with only one.

As I understand an SSL context, they basically serve as a template for
the SSL structure that you have to create per thread...

I'll check your code more closely tomorrow or some time during the
weekend.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-161 43  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis             -- [EMAIL PROTECTED]

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
