Hi David,

On Wed, Nov 11, 2009 at 6:02 PM, David Schwartz <dav...@webmaster.com> wrote:
>
> Sebastián Treu wrote:
>
>> When talking about thread-safeness and the developer responsibility.
>> Say that I implement static locking callbacks on my application with
>> non-blocking BIO.
>
> Yes, you must implement the locking callbacks. OpenSSL uses them to provide
> the thread-safety guarantees it provides.
>
>
>> Should I still take care on having my own mutexes for locking access
>> to an SSL client structure while another thread can eventually access
>> to it with I/O OpenSSL functions?
>
> Yes. The locking callbacks are used by OpenSSL to protect its internals.
> They don't prevent you from screwing up.
>
>
>> Do these callbacks only lock specific OpenSSL structures internally
>> and should I be aware of locking when reading/writing from/to a
>> client?
>
> They lock internal structures, that is correct.
>
>
>> If these callbacks lock on a write operation, does this mean that I
>> can't read until the lock is released although I'm reading from a
>> different client than I'm writing to?
>
> No, it doesn't. OpenSSL specifically permits concurrent operations on
> different objects. It uses the locks internally to make this work even if
> those distinct objects internally refer to the same underlying objects (for
> example, two SSL connections using the same context).
>
>> These 3 questions are related on each answer. If the callbacks are
>> only to lock internal structures that I/O operations (or anyone else)
>> uses, then I know that I must lock the specific client BIO and while
>> I'm reading/writing on this BIO another thread could be
>> reading/writing to another one. Just that internally maybe it will
>> block on accessing to OpenSSL structures by the callbacks mentioned
>> above. Is this how it works?
>
> You can access two different SSL connections at the same time. You do not
> need to lock the library as a whole. OpenSSL works just like every other
> user-space library, in fact, it works just like strings do. One thread can
> access one string while another thread accesses some other string. But one
> thread cannot read a string while another thread is or might be modifying
> that same string.
>
> And note that all BIO/SSL operations, even those with 'read' in their names
> are logically modification operations.
>
> DS


Excellent explanation, as usual. Thank you very much.

Regards,
-- 
If you want freedom, compile the source. Get gentoo.

Sebastián Treu
http://labombiya.com.ar
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
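
The two layers of locking discussed in this thread, as an added example (not code from the thread or from OpenSSL). `fake_ctx` and `conn` are hypothetical stand-ins for `SSL_CTX` and `SSL` so it builds with pthreads alone; the `internal` mutex plays the role of the library's locking callbacks and the `app` mutex is the one the application must supply per connection.

```c
#include <pthread.h>
#include <stddef.h>

/* Stand-ins for SSL_CTX and SSL (assumption: builds without OpenSSL). */
typedef struct {                 /* shared by many connections */
    pthread_mutex_t internal;    /* library side: what the locking callbacks guard */
    unsigned long records;       /* shared internal state */
} fake_ctx;
typedef struct {                 /* one per client */
    pthread_mutex_t app;         /* application side: one mutex per connection */
    fake_ctx *ctx;
    unsigned long seq;           /* per-connection state, changed by every I/O call */
} conn;
static fake_ctx shared_ctx = { PTHREAD_MUTEX_INITIALIZER, 0 };

void conn_init(conn *c, fake_ctx *ctx) {
    pthread_mutex_init(&c->app, NULL);
    c->ctx = ctx; c->seq = 0;
}

/* Where real code would call SSL_read or SSL_write. Both directions take the
 * same exclusive lock, since a read also changes the connection's state. */
void conn_io(conn *c) {
    pthread_mutex_lock(&c->app);             /* serialize use of THIS connection */
    c->seq++;
    pthread_mutex_lock(&c->ctx->internal);   /* happens inside the library */
    c->ctx->records++;
    pthread_mutex_unlock(&c->ctx->internal);
    pthread_mutex_unlock(&c->app);
}

#define ROUNDS 100000
static void *worker(void *p) {
    for (int i = 0; i < ROUNDS; i++) conn_io(p);
    return NULL;
}

/* Two threads share connection a, a third uses b alone; a and b share one
 * context. Returns 1 when no update was lost on any of the three objects. */
int run_demo(void) {
    conn a, b, *target[3] = { &a, &a, &b };
    pthread_t t[3];
    shared_ctx.records = 0;
    conn_init(&a, &shared_ctx); conn_init(&b, &shared_ctx);
    for (int i = 0; i < 3; i++) pthread_create(&t[i], NULL, worker, target[i]);
    for (int i = 0; i < 3; i++) pthread_join(t[i], NULL);
    return a.seq == 2UL * ROUNDS && b.seq == ROUNDS && shared_ctx.records == 3UL * ROUNDS;
}

int main(void) { return run_demo() ? 0 : 1; }
```

Threads working on `b` never wait on `a`'s mutex; they only meet briefly on the context's internal lock.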
