Paul Sheer, 2008-01-29:
> Let's say you have 1600 clients. Let's say that you have 40 threads, and
> each thread
> handles 40 connections. Now let's say that each thread initializes it's own
> SSL_CTX structure.
>
> The SSL_CTX structure contains most of the data required for SSL
> functionality.
> Because each SSL_CTX structure has one-and-only-one thread accessing it,
> there can be no contention within the SSL_CTX structure's data.
>
> ...

This behavior, by itself, does not necessary guarantee 
that your OpenSSL library code won't race against itself,
won't corrupt its own data, or crash (hint: learn about
the MySQL case, search the archives).

IMHO, your approach is clearly wrong: your app's fate
is relying on undocumented behavior. It could "work" with 
a few OpenSSL library versions; but internal, sentitive
behavior could change in future versions. Hence, I don't 
consider this a good engineering practice.

I won't argue with you about using the library in an
undocumented manner; but I *do* think it'd be interesting
to get some real quantitative data: we could use it as a
basis to discuss possible future library modifications,
more compatible with your requests.

Leandro
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to