IETF Logo Mail Archive

Re: [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)

Andy Lutomirski <luto@amacapital.net> Fri, 29 November 2013 23:36 UTC

Return-Path: <luto@amacapital.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A1831ADF76 for <tls@ietfa.amsl.com>; Fri, 29 Nov 2013 15:36:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.979
X-Spam-Level:
X-Spam-Status: No, score=-1.979 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0TsaxUtYn9WQ for <tls@ietfa.amsl.com>; Fri, 29 Nov 2013 15:36:05 -0800 (PST)
Received: from mail-vc0-f173.google.com (mail-vc0-f173.google.com [209.85.220.173]) by ietfa.amsl.com (Postfix) with ESMTP id 8A8FD1AE087 for <tls@ietf.org>; Fri, 29 Nov 2013 15:36:05 -0800 (PST)
Received: by mail-vc0-f173.google.com with SMTP id ia6so7145529vcb.32 for <tls@ietf.org>; Fri, 29 Nov 2013 15:36:03 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=yhtfrdgPIOcIO4GtPrZnPAiMm9XRvLO4KlU6JdWy3tQ=; b=fPMoMA+B/HqEpOaJcnZW14g3FP86yTHrglzxp6ej+DCbhr502NNJKiIkWZjSXGBdtc dW5wf8FGzq+7I115PLn34xRGJfQ33ekpI+DwAOwAdMbuWNW7lDq5J6Zv21YbXkOqcO74 rDG3yQWMZnp7BLW5Ni2io0Hu+wpCPehHgOeHy4GoiSe8RfdBSrMPFRWfg12NZ6AHrY7B rNfLNG3CVmceWGpE2wlfBZ02hJHGNbNAylDopCLYpQFDQIzllZGhidzyZ1ejeMNjCk9p 3r78VHGmL5pQzft5B+4A34w1Yw4ACISpc9ZNi3mgBEZrghnfLswyk5AhIScwfBGxOWeR YjVw==
X-Gm-Message-State: ALoCoQkO5W5eJopTg3/RCk+HPYazGgFxbar+KhbbpS0HapSh5vZIYVUmy3zHBFNaVnMgORQ8kOmi
X-Received: by 10.52.98.132 with SMTP id ei4mr138541vdb.62.1385768163628; Fri, 29 Nov 2013 15:36:03 -0800 (PST)
MIME-Version: 1.0
Received: by 10.58.8.18 with HTTP; Fri, 29 Nov 2013 15:35:43 -0800 (PST)
In-Reply-To: <1385629830.23418.8.camel@dhcp-2-127.brq.redhat.com>
References: <CAPMEXDbgp5+Gg6mkMWNrcOzmAbSpv3kjftGV0cjpqvMnRxpw=A@mail.gmail.com> <44D7624E-75D8-47D3-93BF-97427206E800@iki.fi> <CACsn0c=9GrO21ECZczB2zft3bVODcc=1ZRp3pG22c-rrDfTPXQ@mail.gmail.com> <2A0EFB9C05D0164E98F19BB0AF3708C711DAEEE373@USMBX1.msg.corp.akamai.com> <528AD194.9060003@amacapital.net> <528AD326.8080908@kirils.com> <CAM_a8Jy_x-qZFdpxsLMnFjuYeAJBwqNqQLrnsAcf05GU5PuJfw@mail.gmail.com> <528BBD84.60700@amacapital.net> <528C4332.9060806@funwithsoftware.org> <CALCETrU0sN+dUGQ60v96hndKx_=7xUpgmxATtDVPJ3DqyGnbqA@mail.gmail.com> <20131127235451.GW21240@localhost> <1385629830.23418.8.camel@dhcp-2-127.brq.redhat.com>
From: Andy Lutomirski <luto@amacapital.net>
Date: Fri, 29 Nov 2013 15:35:43 -0800
Message-ID: <CALCETrWDOiNg9At4J_F3EEPW7MPcszSnzBSqpNyHNKd8VZn-eQ@mail.gmail.com>
To: Nikos Mavrogiannopoulos <nmav@redhat.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: Patrick Pelletier <code@funwithsoftware.org>, "tls@ietf.org" <tls@ietf.org>, GnuTLS development list <gnutls-devel@lists.gnutls.org>
Subject: Re: [TLS] multiple clients in one process (was: Re: Deployment ... Re: This working group has failed)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Nov 2013 23:36:07 -0000

On Thu, Nov 28, 2013 at 1:10 AM, Nikos Mavrogiannopoulos
<nmav@redhat.com> wrote:
> On Wed, 2013-11-27 at 17:54 -0600, Nico Williams wrote:
>> All of this is off-topic for this list.  I'll post a reply anyways, and
>> I apologize to the list.
>>
>> On Tue, Nov 19, 2013 at 10:24:03PM -0800, Andy Lutomirski wrote:
>> >                     [...].  gnutls_global_init is documented as being
>> > unsafe if called from multiple threads, which seems silly.
>> Initialization is not thread-safe in OpenSSL either.  This is a terrible
>> thing.  It *can* be made thread-safe, so there's no excuse for it not
>> being thread-safe.
> Hello,
>  I don't understand why this is an issue since it is documented. If a
> function (like a global initialization function) is supposed to create
> the mutexes for the rest of the library functions it cannot be expected
> to be thread safe; at least in a portable way since static
> initialization of mutexes is not a portable thing.
>
> Nevertheless, even if you really need to call a global initialization
> function in every thread you create (I really don't see why), you can
> simply call it in a locked mutex.

No, I can't.  I occasionally use libraries, and those libraries in
turn use GnuTLS.  Requiring those libraries to force their users to
synchronize their initialization of GnuTLS sucks.

If GnuTLS really must use global state in a manner that isn't
transparent to its users, it should get the synchronization right.

Any self-respecting pthreads implementation should implement
PTHREAD_MUTEX_INITIALIZER in such a way that it constant-initializes
its data, making it completely safe.  An even better solution would be
to use pthread_once.


--Andy

v2.23.0 | Report a Bug | By Email