Hello Przemek, thanks for the advice - I already tried to use a mutex to protect the OCSP_basic_sign(), but I wanted to avoid it as this will just use only one thread at a time. It seems that nCipher is best used with a simple fork() daemon... if it wasn't for the shared memories, still today a forked daemon is more robust than a multi-threaded one.. :(
Thanks for the advice - I will now put the locks back in place and see if the server does not crash anymore... :D Later, Max Przemek Michalski wrote:
Max,Hi David, that is really nice.. although.. after I gave it a try... it does not really work :( Actually, it seems that the dynamic functions are never called... :( Investigating... Later, MaxIt seems, that indeed the dynamic locking functions are not doing the trick here. I have encountered a similar problem with pthreads and nShield 500 when performing X.509 cert. signing. nCipher recommended to put dynamic locks in place but as in your case - it did not help. Try to create your own static mutex and put it around your code right where you perform the signing/verification operation - that should help I think. Without looking at the code, I am not sure what is the exact problem at your end but in my case (although I never went to properly investigate this matter) it looked like it was related to simultaneous communications between the application and the nfast server which sits in the middle between the application and the actual hardware device. I also remember, that nCipher provides a patch for OpenSSL 0.9.8x that makes some small changes to the original OpenSSL implementation of CHIL. P.M. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
-- Best Regards, Massimiliano Pala --o------------------------------------------------------------------------ Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED] [EMAIL PROTECTED] Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332 PKI/Trust Laboratory Work Phone: +1 (603) 646-9179 --o------------------------------------------------------------------------ People who think they know everything are a great annoyance to those of us who do. -- Isaac Asimov
smime.p7s
Description: S/MIME Cryptographic Signature