From: Wouter Wijngaards Date: Fri, 19 Jul 2013 11:48:22 +0000 (+0000) Subject: - libunbound documentation on how to avoid openssl race conditions. X-Git-Tag: release-1.4.21rc1~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ceb1f6354a0c73e38db9351a9415d65aeb727ebb;p=thirdparty%2Funbound.git - libunbound documentation on how to avoid openssl race conditions. git-svn-id: file:///svn/unbound/trunk@2926 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 4a399313e..c7d52f9f7 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 19 Jun 2013: Wouter - streamtcp man page, contributed by Tomas Hozza. - iana portlist updated. + - libunbound documentation on how to avoid openssl race conditions. 25 Jun 2013: Wouter - Squelch sendto-permission denied errors when the network is diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in index 2a4184f71..8807ac128 100644 --- a/doc/libunbound.3.in +++ b/doc/libunbound.3.in @@ -171,6 +171,9 @@ by default. Use and .B ub_ctx_hosts to read them. +Before you call this, use the openssl functions CRYPTO_set_id_callback and +CRYPTO_set_locking_callback to set up asyncronous operation if you use +lib openssl (the application calls these functions once for initialisation). .TP .B ub_ctx_delete Delete validation context and free associated resources. diff --git a/libunbound/unbound.h b/libunbound/unbound.h index 01e8253e3..191338706 100644 --- a/libunbound/unbound.h +++ b/libunbound/unbound.h 
@@ -78,6 +78,10 @@ * ... same as async for non-threaded * ... the callbacks are called in the thread that calls process(ctx) * + * Openssl needs to have locking in place, and the application must set + * it up, because a mere library cannot do this, use the calls + * CRYPTO_set_id_callback and CRYPTO_set_locking_callback. + * * If no threading is compiled in, the above async example uses fork(2) to * create a process to perform the work. The forked process exits when the * calling process exits, or ctx_delete() is called.
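Review bot: In the doc/Changelog hunk the new entry is filed under the heading "19 Jun 2013: Wouter", but this commit is dated 19 Jul 2013 and that heading sits above the "25 Jun 2013: Wouter" block, so the heading looks like a month typo. Correct it to "19 Jul 2013: Wouter" in the same change so the entry carries the right date.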
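Review bot: In the doc/libunbound.3.in hunk, "set up asyncronous operation" misspells "asynchronous" and misdescribes the purpose of CRYPTO_set_id_callback and CRYPTO_set_locking_callback: the subject line says the point is to avoid openssl race conditions, and the unbound.h text in this patch calls it locking. Suggest wording along the lines of "to set up locking for threaded operation if you use OpenSSL", and replace "lib openssl" with the library name. "Before you call this" is also ambiguous, because the sentence directly above it ends by naming ub_ctx_hosts; name the function that the callbacks must precede.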
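Review bot: In the libunbound/unbound.h hunk, the added comment paragraph does not say when the locking callbacks have to be installed, although the man page text in this same patch says "Before you call this" and "once for initialisation". State the same ordering and the once-only requirement here so the header and the man page agree. The sentence is also a comma splice ("a mere library cannot do this, use the calls"); split it in two, and spell the library name the same way in both files (the header has "Openssl", the man page "openssl").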