[gnutls-devel] [Andy Lutomirski] Re: [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)
nmav at gnutls.org
Wed Nov 27 00:28:07 PST 2013
On Wed, Nov 27, 2013 at 9:12 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> hey gnutls and p11-kit folks--
> this message came up on the IETF TLS WG list, as a particular complaint
> about the relationship between gnutls and pkcs11 making it more
> difficult to use gnutls than it should be.
> I'm not sure if there is anything concrete to address here (or if there
> is, if it would be doable without API or ABI breakage), but i just
> wanted to make sure that the developers are aware that the concern has
> been aired publicly. If the concern can be addressed and fixed, that
> would be great.
> If you think the concern raised is a misconception, or if there is a
> particular way to avoid the implied risks with forking or
> multithreading, i would be happy to relay any relevant clarifications to
> the TLS WG.
I didn't bother to reply as I didn't understand what his point was.
As far as I understood he claimed that he could not call
gnutls_global_init() simultaneously on all the threads of his process.
As this is documented I didn't understand what he really thought
was a bug. At best he could make a feature request.
One of the things gnutls_global_init() does is to set up the mutex
locks, so obviously it cannot be called by many threads at once.
(btw. I'm working on a different design for global_init in 3.3, but
I'll bring that up on a different thread later).
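
An added example, not part of the original message and not GnuTLS code: one way an application can make sure a one-time initialiser that must not run concurrently, such as gnutls_global_init(), executes exactly once even when many threads ask for it. `lib_global_init`, `ensure_global_init` and `run_demo` are hypothetical names, and `lib_global_init` is a constructed stand-in for the real call so the block builds without GnuTLS.

```c
#include <pthread.h>
#include <stdio.h>

/* Constructed stand-in for gnutls_global_init(): not safe to call from
 * several threads at once, returns 0 on success (assumption of this demo). */
static int init_calls = 0;
static int lib_global_init(void)
{
    init_calls++;               /* deliberately unsynchronised */
    return 0;
}

static pthread_once_t init_once = PTHREAD_ONCE_INIT;
static int init_result = -1;    /* pthread_once callbacks return void */

static void do_init(void) { init_result = lib_global_init(); }

/* Callable from any thread: the first caller runs the initialiser, concurrent
 * callers block until it has finished, and everyone sees its return code. */
int ensure_global_init(void)
{
    if (pthread_once(&init_once, do_init) != 0)
        return -1;
    return init_result;
}

#define NTHREADS 8

static void *worker(void *arg)
{
    *(int *)arg = ensure_global_init();
    return NULL;
}

/* Starts NTHREADS threads that all request initialisation; returns how many
 * times the initialiser actually ran, or -1 if a thread failed. */
int run_demo(void)
{
    pthread_t tid[NTHREADS];
    int rc[NTHREADS], started = 0, failed = 0;

    for (int i = 0; i < NTHREADS; i++, started++)
        if (pthread_create(&tid[i], NULL, worker, &rc[i]) != 0) break;
    for (int i = 0; i < started; i++) {
        pthread_join(tid[i], NULL);
        if (rc[i] != 0) failed = 1;
    }
    return (started != NTHREADS || failed) ? -1 : init_calls;
}

int main(void) { printf("initialiser ran %d time(s)\n", run_demo()); return 0; }
```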