Sebastián Treu wrote: > When talking about thead-safeness and the developer responsability. > Say that I implement static locking callbacks on my application with > non-blocking BIO.
Yes, you must implement the locking callbacks. OpenSSL uses them to provide the thread-safety guarantees it provides. > Should I still take care on having my own mutexes for locking access > to an SSL client structure while another thread can eventually access > to it with I/O OpenSSL functions? Yes. The locking callbacks are used by OpenSSL to protect its internals. They don't prevent you from screwing up. > Does this callbacks only locks specific OpenSSL structures internally > and should I be aware of locking when reading/writing from/to a > client? The lock internal structures, that is correct. > If this callbacks locks on a write operation, does this means that I > can't read until the lock is release although I'm reading from a > different client than i'm writing to? No, it doesn't. OpenSSL specifically permits concurrent operations on different objects. It uses the locks internally to make this work even if those distinct objects internally refer to the same underlying objects (for example, two SSL connections using the same context). > These 3 questions are related on each answer. If the callbacks are > only to lock internal structures that I/O operations (or anyone else) > uses, then I know that I must lock the specific client BIO and while > I'm reading/writing on this BIO another thread could be > reading/writing to another one. Just that internally maybe it will > block on accessing to OpenSSL structures by the callbacks mentioned > above. Is this how it works? You can access two different SSL connections at the same time. You do not need to lock the library as a whole. OpenSSL works just like every other user-space library, in fact, it works just like strings do. One thread can access one string while another thread accesses some other string. But one thread cannot read a string while another thread is or might be modifying that same string. And note that all BIO/SSL operations, even those with 'read' in their names are logically modification operations. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
