> > I advocate that some users would find it useful to be > able to invoke > > SSL_read() and SSL_write() from exactly two threads on > the same 'SSL *' > > simultaneously. There is merit in this and as > things stands OpenSSL does > > not allow it due to a design choice (aka "design > limitation"). > > You are mistaken. There are no message boundaries, and > multiple threads > reading and writing the same SSL session would get random > fragments of > the remote data on read, and emit random fragments of data > on write. > > There is no sensible use-case for concurrent multiple > thread access > to an SSL object. All access must be serialized to ensure > remotely > reasonable semantics.
Alright, here's a simple use case: I have a large file here, you have a large file there. We'd like to trade them. We have two independent streams available (one from me to you, one from you to me). A socket, in other words. We could take turns sending discrete pieces of each file but that's silly and slow. Assuming we can load these gigantic files into memory to make the example simpler, we could both do this to write: char* p = entire_file_buffer; char* e = p + size_of_file; while (p!=e) { int n = send(sock_fd, p, e-p); if (n<0) return ERR; p += n; } And we both do this to read: char* p = entire_file_buffer; char* e = p + size_of_file; while (p!=e) { int n = recv(sock_fd, p, e-p); if (n<0) return ERR; p += n; } It's simple, uses two threads, one socket, and makes the best use of our bandwidth. So I'm hoping it is your misunderstanding actually, that you thought we were suggesting two different threads should be able to write the same SSL* at the same time, or that two different threads be able to read the same SSL* at the same time, which clearly doesn't make sense for a stream-based protocol. We weren't suggesting that. We were suggesting that it would be really, really nice if the example above could have send replaced with SSL_write and recv replaced with SSL_read and it would just work. :) --jason ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org