Dear Sirs,

As I read the OpenSSL 0.9.8b source tree,
I found that i2d_X509() may call x509_name_encode(),
which can modify a common data structure (certificate data)
without locking.

Because many SSL I/O functions call ssl3_send_server_certificate() in
the handshaking phase, I worry that this may severely break
concurrency.

CPU0:
ssl3_accept =>
ssl3_send_server_certificate =>
ssl3_output_cert_chain (common cert with CPU1) =>
...
=> x509_name_encode
=> BUF_MEM_grow (manipulate common cert)

CPU1:
ssl3_accept =>
ssl3_send_server_certificate =>
ssl3_output_cert_chain (common cert with CPU0) =>
...
=> x509_name_encode
=> BUF_MEM_grow (manipulate common cert)



Is my view right? If so, what's the best approach to resolve this issue?

Any comments are welcome.
Thanks in advance.
--
Yang, Chul-woong
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
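
Added example, not part of the original message and not OpenSSL code: a simplified C model of the lazily cached encoding pattern the message describes, showing two ways to keep concurrent serialisation from mutating shared state (a lock around check-and-rebuild, or encoding once before the object is shared between threads). The `name_t` type, its fields, the one-byte-length TLV format and all function names are assumptions made for the illustration.

```c
/* Simplified model of a lazily cached encoding; not OpenSSL source. */
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
typedef struct {
    const char *value;     /* constructed stand-in for the name entries */
    int modified;          /* 1 = cached encoding is stale */
    unsigned char *bytes;  /* cached encoding, shared by every reader */
    size_t len;
    int encodes;           /* number of cache rebuilds, for inspection */
    pthread_mutex_t lock;
} name_t;
void name_init(name_t *n, const char *value) {
    memset(n, 0, sizeof *n);
    n->value = value; n->modified = 1;
    pthread_mutex_init(&n->lock, NULL);
}

/* The mutating step: reallocates and rewrites the shared cache. */
static int name_encode(name_t *n) {
    size_t vlen = strlen(n->value);
    if (vlen > 127) return -1;           /* toy TLV: single length byte */
    unsigned char *p = realloc(n->bytes, vlen + 2);
    if (p == NULL) return -1;
    p[0] = 0x0c; p[1] = (unsigned char)vlen;
    memcpy(p + 2, n->value, vlen);
    n->bytes = p; n->len = vlen + 2; n->encodes++; n->modified = 0;
    return 0;
}

/* Option 1: check-and-rebuild and the copy-out all happen under the lock. */
int name_i2d_locked(name_t *n, unsigned char *out, size_t outlen) {
    int ret = -1;
    pthread_mutex_lock(&n->lock);
    if ((!n->modified || name_encode(n) == 0) && n->bytes && n->len <= outlen) {
        memcpy(out, n->bytes, n->len);
        ret = (int)n->len;
    }
    pthread_mutex_unlock(&n->lock);
    return ret;
}

/* Option 2: encode once in single-threaded setup, then read-only access. */
int name_freeze(name_t *n) { return n->modified ? name_encode(n) : 0; }
int name_i2d_frozen(const name_t *n, unsigned char *out, size_t outlen) {
    if (n->modified || n->bytes == NULL || n->len > outlen) return -1;
    memcpy(out, n->bytes, n->len);
    return (int)n->len;
}
```

The frozen path takes a `const` pointer and fails instead of rebuilding, so a stale cache shows up as an error in one thread rather than as a write to memory another thread is reading.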