[openssl-users] X509_STORE manipulations and thread-safety
Salz, Rich
rsalz at akamai.com
Wed Aug 12 13:38:35 UTC 2015
> Is it safe to have a thread reload trusted certificates and CRLs into an SSL_CTX's X509_STORE while connections are running in other threads, especially when considering renegotiations?
As a general rule, multi-thread simultaneous access doesn't work and will often make things go ka-boom. But generally ongoing connections use SSL objects, not SSL_CTX, so a brief locking scheme should be okay. Objects are copied and ref-counted when an SSL is created from an SSL_CTX...
--
Senior Architect, Akamai Technologies
IM: richsalz at jabber.at Twitter: RichSalz
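
The locking scheme described in the reply, as an added example that is not part of the original post or of OpenSSL. It uses Python's `ssl` module, where `SSLContext` wraps an `SSL_CTX` and `SSLObject` wraps an `SSL`. Building a fresh context and swapping it in (instead of editing the live store), and the names `ReloadableTrust`, `build_client_context`, `cafile` and `crlfile`, are assumptions of this sketch.

```python
import ssl
import threading


class ReloadableTrust:
    """Hands out TLS objects from a context that can be replaced at runtime."""

    def __init__(self, build_context):
        # build_context: hypothetical callable returning a fully configured
        # ssl.SSLContext (CA certificates and CRLs already loaded).
        self._build = build_context
        self._lock = threading.Lock()
        self._ctx = build_context()

    def reload(self):
        # Do the slow work (file I/O, parsing) outside the lock, on a context
        # that no other thread can see yet.
        fresh = self._build()
        with self._lock:
            self._ctx = fresh  # the only step that needs the lock

    def new_connection(self, server_hostname):
        # Brief lock: just long enough to read the current context reference.
        with self._lock:
            ctx = self._ctx
        incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
        # The returned SSLObject holds its own reference to ctx, so the old
        # context stays alive after a reload() for as long as the object does.
        return ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)


def build_client_context(cafile=None, crlfile=None):
    # Both paths are placeholders supplied by the caller.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    if crlfile:
        # load_verify_locations also accepts CRLs; the flag enables checking.
        ctx.load_verify_locations(cafile=crlfile)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx
```

Connections created before `reload()` keep verifying against the trust material they started with, renegotiations included; only connections created afterwards see the new certificates and CRLs.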