On 9/25/2010 9:31 AM, Jayaraghavendran k wrote:
(a) Does OpenSSL plan to support this feature in any of it's future
releases? (Or does any of the releases already support it? I went
through the Change Logs, but couldn't find anything), If no, why not?
I can't answer whether there are any plans, but I doubt it. The reason
not to is that the library is not the right place to implement that kind
of logic.
(b) As far as I understand, the main problem with the parallel
SSL_read / SSL_write is renegotiation, i.e. a call to SSL_read can
lead to a send call and vice-versa, so, if I ensure I don't do
renegotiation at all (both sides use my application) then will the
code work fine?
No, it will still break. The SSL connection has one and only one state,
and you are trying to manipulate it from two places at the same time.
(c) I would also like to know the reason behind such a design
considering the fact that TCP supports parallel send / recv. Is it
enforced by the protocol design or any other design parameters forced
such a design?
This is how every other library works. TCP is an exception.
Take, for example, a typical string library. You can perform 'read'
operations (those that do not change state) from multiple threads to the
same string at the same time. But you would never expect the string
library to support two 'write' operations (those that do change state)
to be supported to the same string at the same time. If you did, say
'a+="A";' and 'a+="B";' at the same time in two different threads, you
wouldn't expect a sensible result.
Another problem is that there's basically no way OpenSSL could provide
this capability without a service thread. Consider if a blocking
SSL_read is terminated from another thread that calls a shutdown
function -- what thread is left to complete the SSL protocol shutdown?
TCP handles lingering data in the kernel with the kernel's own threads,
but OpenSSL can't do that. And unless you use a service thread per
connection in flux, you wind up in the very platform-specific world of
I/O multiplexing.
All of this can be done, but not sensibly inside OpenSSL.
DS
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org