You cannot share a single SSL connection across multiple threads (i.e., your reader and writer must be in the same thread). This is documented at http://www.openssl.org/support/faq.html#PROG1 thus:
1. Is OpenSSL thread-safe? Yes (with limitations: an SSL connection may not concurrently be used by multiple threads). On Windows and many Unix systems, OpenSSL automatically uses the multi-threaded versions of the standard libraries. If your platform is not one of these, consult the INSTALL file. Multi-threaded applications must provide two callback functions to OpenSSL by calling CRYPTO_set_locking_callback() and CRYPTO_set_id_callback(), for all versions of OpenSSL up to and including 0.9.8[abc...]. As of version 0.9.9, CRYPTO_set_id_callback() and associated APIs are deprecated by CRYPTO_THREADID_set_callback() and friends. This is described in the threads(3) manpage. -Kyle H On Wed, Aug 20, 2008 at 5:34 AM, vinni rathore <[EMAIL PROTECTED]> wrote: > Hello everyone, > > I am working with a VPN server and using openssl APIs to handle SSL on > Linux machine. > My server work fine with single client but it shows the segmentation > fault when i test it > with multiple clients. > > I have different threads in my server handling different > functionalities. Read and write threads are working > simultaneously sharing the same SSL structure. > The structure of my server is.. > > 1- initializing the openssl library. > 2. Context setup(certificates etc). > 3. TCP connection. > 4. SSL_new(ctx) > 5. ssl_set_fd.. > 6. ssl_accept(..) > 7. Result of the certificate verification... > 8. Starting the threads...Read and write.. > 9. Successful disconnection request from any of the connected client, > i am freeing the object memory of that particular connection.. > using SSL_clear(..)let pssl[j] so SSL_clear(pss[j]). > but i am not able to check whether pssl[j] as been freed or not.. > is there any way to check the structure values after SSL_clear(..) > I can not NULL the structure as i need rest of the ssl values that are > initialized during the start of the program.. > Or is it possible to use SSL_free() and then again reinitialize all > the SSL structure... with all values it needed... > > > Could anyone please suggest me how to use SSL structure for multiple > clients..?? > Waiting for the reply... > > Thanx in advance... > > -- > regards, > Vineeta Kumari > Software engg > Mobera Systems > Chandigarh > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [email protected] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
