On Wed, Dec 06, 2006 at 09:15:15AM -0800, Paul Querna wrote: > Justin Erenkrantz wrote: > > On 12/6/06, Frank <[EMAIL PROTECTED]> wrote: > >> My question is: How does this interfere with my module? How can I ensure > >> that only one of us (mod_ssl or my module) is calling these both > >> functions? I cannot believe that there is no problem when my module > > > > You just can't. I wish there was a better answer but there isn't, > > AFAIK. You might get lucky, but yah you're going to run into > > nastiness with OpenSSL's global contexts. =( -- justin > > There is always GnuTLS (or other SSL libraries) which don't have the > global context problems: > http://www.gnu.org/software/gnutls/
It kind of does still though the reliance on the horrible global error stack is not there: http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html What I do with OpenSSL in neon is to check that the existing callback is NULL before registering a new callback; and likewise to check that the ID callback is the one neon previously registered before un-registering it later. If everybody did that it would be relatively safe. The OpenSSL guys have actually obviated the ID callback for some future release, it was entirely unportable because of the cast-to-long issue anyway; but the locking callback remains. joe
