Is it safe to share single X509_STORE between multiple threads for verifying certificate?

Hello,

I'd like to clarify a little bit about multithreaded use of X509_verify_cert.

Use case: I want connections to be accepted and served in a network thread and to delegate all certificate checking to another thread (or even a thread pool). The CA for all certificates to be checked is stored in a single X509_STORE. Basically, when a certificate is received from a client, I create a new X509_STORE_CTX, initialize it with a single (say, global) X509_STORE, and feed a worker thread with a checking routine which calls X509_verify_cert.

The question is, does this kind of thread-sharing of X509_STORE need any external locking provided by an application?

Particularly, I'm worried because X509_STORE_CTX_init takes a non-const pointer to my X509_STORE. Probably, this is because this function modifies reference counters inside the store, which is thread-safe provided that locking callbacks are set during initialization of the library. There should be no other non-const access to the store, right?

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
