Paul Sheer, 2008-01-29: > Let's say you have 1600 clients. Let's say that you have 40 threads, and > each thread > handles 40 connections. Now let's say that each thread initializes it's own > SSL_CTX structure. > > The SSL_CTX structure contains most of the data required for SSL > functionality. > Because each SSL_CTX structure has one-and-only-one thread accessing it, > there can be no contention within the SSL_CTX structure's data. > > ...
This behavior, by itself, does not necessary guarantee that your OpenSSL library code won't race against itself, won't corrupt its own data, or crash (hint: learn about the MySQL case, search the archives). IMHO, your approach is clearly wrong: your app's fate is relying on undocumented behavior. It could "work" with a few OpenSSL library versions; but internal, sentitive behavior could change in future versions. Hence, I don't consider this a good engineering practice. I won't argue with you about using the library in an undocumented manner; but I *do* think it'd be interesting to get some real quantitative data: we could use it as a basis to discuss possible future library modifications, more compatible with your requests. Leandro ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]