RE: Multi Threaded questions
Sad Clouds wrote: > > 1) According to the FAQ, "an SSL connection may not concurrently be > > used by multiple threads". Does this mean that an SSL connection can > > be used by different threads provided access is limited to one at a > > time? > I assume that having a mutex for each SSL object would prevent it from > being concurrently used by multiple threads. So this should be OK. Yes, that works. However, you can't use blocking operations in that case. Otherwise, a thread trying to write to the connection would be blocked potentially for ever as some other thread blocked trying to read from the connection held the connection lock. > However do you really need to use multiple concurrent threads with the > same SSL object? Think of it as a TCP socket, each thread has a list of > open sockets, or SSL objects, there is no need to share it with other > threads. Actually, it's pretty common to do that with TCP connections. You may have one thread that's blocked trying to read from the connection all the time while another thread tries write to the connection as it discovers data that needs to be sent. You can't do this with OpenSSL. (At least, not precisely the same way.) DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: SSLv23_method in OpenSSL 1.0.0
On Sun, Apr 18, 2010 at 07:09:09PM +0100, Luigi Auriemma wrote: > I have noticed that a client ssl connection initialized with the > classical SSLv23_method no longer works in OpenSSL 1.0.0. Postfix TLS client SSL context is always created via: SSL_CTX *client_ctx = SSL_CTX_new(SSLv23_client_method()) The Postfix TLS client works with OpenSSL 1.0.0. Note however, that the Postfix TLS client also enables bug work-arounds via SSL_OP_ALL. SSL_CTX_set_options(client_ctx, SSL_OP_ALL) This includes: SSL_OP_LEGACY_SERVER_CONNECT which is needed to allow new clients to connect to old servers. > Can you confirm this problem? No, but perhaps you neglected to enable SSL_OP_LEGACY_SERVER_CONNECT, which may be required in your case. -- Viktor. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
SSLv23_method in OpenSSL 1.0.0
Hey, I have noticed that a client ssl connection initialized with the classical SSLv23_method no longer works in OpenSSL 1.0.0. This has been tested on both Windows (mingw) and Linux and both connecting to a v2 and v3 server with the same result, while there is no problem using it with OpenSSL 0.9.8n or using SSLv2_method and SSLv3_method separately. Obviously all the used libraries have been compiled from scratch using the default settings (./Configure gcc ; make). Can you confirm this problem? Thanx in advance --- Luigi Auriemma http://aluigi.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org