- libunbound documentation on how to avoid openssl race conditions.

git-svn-id: file:///svn/unbound/trunk@2926 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 4a399313e3326fade442ee97fe80b86dceb36f33..c7d52f9f76ffd320783bff1f954563748bf519bf 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,7 @@
 19 Jun 2013: Wouter
        - streamtcp man page, contributed by Tomas Hozza.
        - iana portlist updated.
+       - libunbound documentation on how to avoid openssl race conditions.
 
 25 Jun 2013: Wouter
        - Squelch sendto-permission denied errors when the network is

diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in
index 2a4184f71ca8e027b9eb6e025e1617d171663425..8807ac12897b50bd6c1c6ff85bc8a6f08b586f71 100644 (file)
--- a/doc/libunbound.3.in
+++ b/doc/libunbound.3.in
@@ -171,6 +171,9 @@ by default. Use
 and
 .B ub_ctx_hosts
 to read them.
+Before you call this, use the openssl functions CRYPTO_set_id_callback and
+CRYPTO_set_locking_callback to set up asyncronous operation if you use
+lib openssl (the application calls these functions once for initialisation).
 .TP
 .B ub_ctx_delete
 Delete validation context and free associated resources.

diff --git a/libunbound/unbound.h b/libunbound/unbound.h
index 01e8253e3026bb9fe134b73431ca9c4c978d4744..191338706c3d2212af100a920898b26ad4f34dd9 100644 (file)
--- a/libunbound/unbound.h
+++ b/libunbound/unbound.h
@@ -78,6 +78,10 @@
  *     ... same as async for non-threaded
  *     ... the callbacks are called in the thread that calls process(ctx)
  *
+ * Openssl needs to have locking in place, and the application must set
+ * it up, because a mere library cannot do this, use the calls
+ * CRYPTO_set_id_callback and CRYPTO_set_locking_callback.
+ *
  * If no threading is compiled in, the above async example uses fork(2) to
  * create a process to perform the work. The forked process exits when the 
  * calling process exits, or ctx_delete() is called.