On Fri, 2006-03-31 at 13:52 -0300, Leandro Santi wrote:
> Balazs Scheidler, 2006-03-31:
>
> > The problem with
> > the current situation is that everything _seems_ to work well, but
> > whenever load hits the application it crashes and it is not easy to
> > debug especially when one is looking for an error in his own code :)
>
> IMHO, the sooner the problem is detected, the better. Even if this
> implies a brutal crash of the application.
>
> On Linux, the current CRYPTO_thread_id() behavior with multithreaded
> applications hides the fact that the application is *broken*. For
> example, MySQL with OpenSSL has been broken *for years*. The problem was
> much more harder to trigger on Linux, because of the default
> CRYPTO_thread_id() behavior. Platforms without the getpid() <->
> pthread_self() bijection (Solaris, NetBSD >= 2, ...) happily crashed
> sooner, and more importantly: the problem gets fixed sooner, as well.
I would rather see a big assertion failed message and an abort() in this
case too. The default CRYPTO_id_callback() is simply broken.
A possible solution would be not to handle this race in ERR_get_state(),
but do an assert(0) instead with a nice error message:
/* If a race occured in this function and we came second, tmpp
* is the first one that we just replaced. */
if (tmpp)
ERR_STATE_free(tmpp);
If getpid() is unique this race will never happen, if it is not, then
instead of freeing an error state which _is being used_ in another
thread, we should do an assert(0)
This way the default would work for single-threaded applications and
would quickly fail with multi-threaded ones, the race above always
indicates a problem which should not be allowed.
--
Bazsi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
