No subject

Thu Apr 14 04:13:26 PDT 2011

''Despite the fact that the parameters supplied to C_Initialize can in
general allow for safe multi-threaded access to a Cryptoki library,
the behavior of C_Finalize is nevertheless undefined if it is called
by an application while other threads of the application are making
Cryptoki calls. The exception to this exceptional behavior of
C_Finalize occurs when a thread calls C_Finalize while another of the
application's threads is blocking on Cryptoki's C_WaitForSlotEvent
function. When this happens, the blocked thread becomes unblocked and
returns the value CKR_CRYPTOKI_NOT_INITIALIZED. at see C_WaitForSlotEvent
for more information.''

And Firefox (>=3D 3.5, <=3D 4.0, a leat) depends on that. Different
threads will be on different sockets, but as soon as one of them call
C_Finalize, all there other that are waiting for C_WaitForSlotEvent
should stop.

So a better model is probably:
- 1 process per application
- 1 thread per network client


Corentin Chary

More information about the p11-glue mailing list