[sr-dev] [kamailio/kamailio] tls: much faster startup using shared SSL_CTX (#1585)

Julien Chavanton notifications at github.com
Wed Jul 11 07:37:45 CEST 2018


After SSL_CTX is not only containing default settings but hash of sessions, this seems to be thread safe using a locks.

```
SSL_CTX_add_session
    CRYPTO_THREAD_write_lock(ctx->lock);
    ...
    CRYPTO_THREAD_unlock(ctx->lock);
```

OpenSSL can be safely used in multi-threaded applications provided that support for the underlying OS threading API is built-in. Currently, OpenSSL supports the pthread and Windows APIs. OpenSSL can also be built without any multi-threading support, for example on platforms that don't provide any threading support or that provide a threading API that is not yet supported by OpenSSL.

Not sure if there could be a pitfall for forking process, better keep the default value as it is.

It seems another option, could be to copy only the X509_store 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1585#issuecomment-404050785
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20180710/f3eef471/attachment-0001.html>


More information about the sr-dev mailing list