On Fri, 2006-03-31 at 13:52 -0300, Leandro Santi wrote: > Balazs Scheidler, 2006-03-31: > > > The problem with > > the current situation is that everything _seems_ to work well, but > > whenever load hits the application it crashes and it is not easy to > > debug especially when one is looking for an error in his own code :) > > IMHO, the sooner the problem is detected, the better. Even if this > implies a brutal crash of the application. > > On Linux, the current CRYPTO_thread_id() behavior with multithreaded > applications hides the fact that the application is *broken*. For > example, MySQL with OpenSSL has been broken *for years*. The problem was > much more harder to trigger on Linux, because of the default > CRYPTO_thread_id() behavior. Platforms without the getpid() <-> > pthread_self() bijection (Solaris, NetBSD >= 2, ...) happily crashed > sooner, and more importantly: the problem gets fixed sooner, as well.
I would rather see a big assertion failed message and an abort() in this case too. The default CRYPTO_id_callback() is simply broken. A possible solution would be not to handle this race in ERR_get_state(), but do an assert(0) instead with a nice error message: /* If a race occured in this function and we came second, tmpp * is the first one that we just replaced. */ if (tmpp) ERR_STATE_free(tmpp); If getpid() is unique this race will never happen, if it is not, then instead of freeing an error state which _is being used_ in another thread, we should do an assert(0) This way the default would work for single-threaded applications and would quickly fail with multi-threaded ones, the race above always indicates a problem which should not be allowed. -- Bazsi ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]