Re: [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)
Andy Lutomirski <luto@amacapital.net> Fri, 29 November 2013 23:36 UTC
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Cc: Patrick Pelletier <code@funwithsoftware.org>, "tls@ietf.org" <tls@ietf.org>, GnuTLS development list <gnutls-devel@lists.gnutls.org>

On Thu, Nov 28, 2013 at 1:10 AM, Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:
> On Wed, 2013-11-27 at 17:54 -0600, Nico Williams wrote:
>> All of this is off-topic for this list. I'll post a reply anyways, and
>> I apologize to the list.
>>
>> On Tue, Nov 19, 2013 at 10:24:03PM -0800, Andy Lutomirski wrote:
>> > [...]. gnutls_global_init is documented as being
>> > unsafe if called from multiple threads, which seems silly.
>> Initialization is not thread-safe in OpenSSL either. This is a terrible
>> thing. It *can* be made thread-safe, so there's no excuse for it not
>> being thread-safe.
> Hello,
> I don't understand why this is an issue since it is documented. If a
> function (like a global initialization function) is supposed to create
> the mutexes for the rest of the library functions it cannot be expected
> to be thread safe; at least in a portable way since static
> initialization of mutexes is not a portable thing.
>
> Nevertheless, even if you really need to call a global initialization
> function in every thread you create (I really don't see why), you can
> simply call it in a locked mutex.

No, I can't. I occasionally use libraries, and those libraries in turn
use GnuTLS. Requiring those libraries to force their users to
synchronize their initialization of GnuTLS sucks. If GnuTLS really
must use global state in a manner that isn't transparent to its users,
it should get the synchronization right.

Any self-respecting pthreads implementation should implement
PTHREAD_MUTEX_INITIALIZER in such a way that it constant-initializes
its data, making it completely safe. An even better solution would be
to use pthread_once.

--Andy
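
Added example (not part of the original message, and not GnuTLS code): a sketch of the pthread_once approach suggested above, in which a library's global init creates its own mutex at run time yet stays safe to call concurrently from threads that know nothing about each other. The library name "mylib" and all function names are hypothetical.

```c
/* Added example: "mylib" is a hypothetical library, not GnuTLS code. */
#include <pthread.h>
#include <stdio.h>

#define NTHREADS 16

static pthread_once_t mylib_once = PTHREAD_ONCE_INIT;
static pthread_mutex_t mylib_lock;  /* created at run time by the one-time init */
static int init_runs;               /* times the real setup executed */
static int mylib_calls;             /* protected by mylib_lock */

static void mylib_do_init(void)
{
    pthread_mutex_init(&mylib_lock, NULL);
    init_runs++;                    /* no race: pthread_once runs this once */
}

/* Safe from any thread, any number of times; callers need no lock of their own. */
int mylib_global_init(void)
{
    return pthread_once(&mylib_once, mylib_do_init);
}

/* Stands in for independent libraries that each initialize mylib themselves. */
static void *worker(void *arg)
{
    (void)arg;
    if (mylib_global_init() != 0)
        return NULL;
    pthread_mutex_lock(&mylib_lock);
    mylib_calls++;
    pthread_mutex_unlock(&mylib_lock);
    return NULL;
}

/* Starts NTHREADS racing initializers; returns how often setup really ran. */
int run_demo(void)
{
    pthread_t t[NTHREADS];
    int started = 0, i;
    while (started < NTHREADS &&
           pthread_create(&t[started], NULL, worker, NULL) == 0)
        started++;
    for (i = 0; i < started; i++)
        pthread_join(t[i], NULL);
    return init_runs;
}

int main(void) { printf("setup ran %d time(s)\n", run_demo()); return 0; }
```

pthread_once also blocks late callers until the first initialization has finished, so no thread can reach mylib_lock before it exists.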