Question about thread safety and SSL_CTX* and its SSL*
Thomas Bailleux
thomas.bailleux at sandboxquantum.com
Tue Sep 27 16:35:47 UTC 2022
Hello OpenSSL.
I know that thread safety in OpenSSL is a much discussed topic. I have read several GitHub issues[1], Stack Overflow threads[2], and I have read the blog paper[3] too.
However, I am still facing issues when I use `SSL_CTX` and `SSL` objects.
I use `SSL_CTX` and `SSL` inside a threaded application. Threads are managed using pthread primitives.
Basically, I create a `SSL_CTX`, and I fill it depending on the TLS method.
At this point, the `SSL_CTX` is final. I never change it again.
Then, I create n `SSL`s from the `SSL_CTX`, and I spawn n pthreads. Each pthread takes the ownership of a single `SSL`. Finally, each pthread is going to use its `SSL` object for establishing some TLS connections.
`SSL` objects never get destroyed; instead, I use `SSL_clear` to kind of recycle them.
My question is: Is my app thread safe? I wonder, because I am facing random null deref.
If I create a `SSL_CTX` for each thread, everything is fine.
Best regards,
Thomas B.
[1] https://github.com/openssl/openssl/issues/2165
[2] https://stackoverflow.com/questions/40583314/ssl-new-thread-safe-or-not
[3] https://www.openssl.org/blog/blog/2017/02/21/threads/
NB: I'm using OpenSSL 1.1.1, from git.