Well my hybrid threaded app now seems to be stable - even under extreme
loads.

Here is what I did for others to refer to:

Comments *most* welcome.

These steps allow me to link both builds of my program with the same
non-threaded OpenSSL build. I.e. both the fork() and pthread_create()
builds of my software.

         1. Use my own BIO object (BIO_new) so that OpenSSL does not use
            socket ops
                - allows me to use the library asynchronously and avoids
                  errno+threading issues.
         2. Use my own RAND object (RAND_set_rand_method) so that OpenSSL
            does not try to lock static globals.
         3. Use my own EXDATA object
            (CRYPTO_set_ex_data_implementation(my_impl)) - this is a
            problem because the st_CRYPTO_EX_DATA_IMPL object is not
            declared in the header - you have to copy and paste it from
            the OpenSSL source. My EXDATA object is a dummy object - it
            does nothing and asserts when you try to do a dup. I'm not
            using ex_data in my app - and quite honestly I'm not really
            sure what it's for.
         4. Disable all OpenSSL caching of sessions -
            (SSL_CTX_set_session_cache_mode(ctx,
             SSL_SESS_CACHE_NO_INTERNAL | SSL_SESS_CACHE_SERVER |
             SSL_SESS_CACHE_NO_AUTO_CLEAR)), use the callbacks
            (SSL_CTX_sess_set_new_cb etc.) and handle session caching and
            session expiry myself.
         5. Declare only one SSL_CTX context per thread.
         6. Build OpenSSL with no-threads and -DOPENSSL_NO_LOCKING

Am I doing anything completely insane here?

-paul
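
Added example, not code from the post above and not OpenSSL's own: one possible storage side for step 4, a per-thread table (as in step 5, so it needs no locks) that enforces expiry on lookup and wipes evicted entries. All `sc_*` names and the size limits are hypothetical; it assumes the callbacks set with SSL_CTX_sess_set_new_cb and its get/remove counterparts hand it the session ID and a serialized session (for instance from i2d_SSL_SESSION) as opaque bytes.

```c
#include <string.h>
#include <time.h>
/* Added example; every name here is hypothetical, not OpenSSL API. */
enum { SC_SLOTS = 64, SC_MAX_ID = 32, SC_MAX_DER = 1024 };  /* constructed limits */
struct sc_entry {
    unsigned char id[SC_MAX_ID], der[SC_MAX_DER];
    size_t id_len, der_len;
    time_t expires;                     /* 0 marks a free slot */
};
struct sc_cache { struct sc_entry slot[SC_SLOTS]; };  /* one per thread, so no locks */
/* The blob holds the master secret: wipe through volatile so it is not elided. */
static void sc_wipe(struct sc_entry *e) {
    volatile unsigned char *p = (volatile unsigned char *)e;
    for (size_t i = 0; i < sizeof *e; i++) p[i] = 0;
}
static struct sc_entry *sc_find(struct sc_cache *c, const unsigned char *id, size_t n) {
    for (size_t i = 0; i < SC_SLOTS; i++) {
        struct sc_entry *e = &c->slot[i];
        if (e->expires && e->id_len == n && memcmp(e->id, id, n) == 0) return e;
    }
    return NULL;
}
/* New-session side: returns 1 if stored, 0 if rejected or the table is full. */
int sc_put(struct sc_cache *c, const unsigned char *id, size_t n,
           const unsigned char *der, size_t der_len, time_t now, long ttl) {
    if (!n || n > SC_MAX_ID || !der_len || der_len > SC_MAX_DER || ttl <= 0) return 0;
    struct sc_entry *e = sc_find(c, id, n);
    for (size_t i = 0; !e && i < SC_SLOTS; i++)      /* else take a free or expired slot */
        if (c->slot[i].expires <= now) e = &c->slot[i];
    if (!e) return 0;                                /* full: peer does a full handshake */
    sc_wipe(e);
    memcpy(e->id, id, n);         e->id_len = n;
    memcpy(e->der, der, der_len); e->der_len = der_len;
    e->expires = now + ttl;
    return 1;
}
/* Get-session side: returns the blob length, or 0 if absent, expired or too big. */
size_t sc_get(struct sc_cache *c, const unsigned char *id, size_t n,
              unsigned char *out, size_t cap, time_t now) {
    struct sc_entry *e = sc_find(c, id, n);
    if (e && e->expires <= now) { sc_wipe(e); e = NULL; }  /* never resume a stale session */
    if (!e || e->der_len > cap) return 0;
    memcpy(out, e->der, e->der_len);
    return e->der_len;
}
void sc_del(struct sc_cache *c, const unsigned char *id, size_t n) {  /* remove side */
    struct sc_entry *e = sc_find(c, id, n);
    if (e) sc_wipe(e);
}
```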
