From ceb1f6354a0c73e38db9351a9415d65aeb727ebb Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Fri, 19 Jul 2013 11:48:22 +0000 Subject: [PATCH] - libunbound documentation on how to avoid openssl race conditions. git-svn-id: file:///svn/unbound/trunk@2926 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 1 + doc/libunbound.3.in | 3 +++ libunbound/unbound.h | 4 ++++ 3 files changed, 8 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index 4a399313e..c7d52f9f7 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 19 Jun 2013: Wouter - streamtcp man page, contributed by Tomas Hozza. - iana portlist updated. + - libunbound documentation on how to avoid openssl race conditions. 25 Jun 2013: Wouter - Squelch sendto-permission denied errors when the network is diff --git a/doc/libunbound.3.in b/doc/libunbound.3.in index 2a4184f71..8807ac128 100644 --- a/doc/libunbound.3.in +++ b/doc/libunbound.3.in @@ -171,6 +171,9 @@ by default. Use and .B ub_ctx_hosts to read them. +Before you call this, use the openssl functions CRYPTO_set_id_callback and +CRYPTO_set_locking_callback to set up asyncronous operation if you use +lib openssl (the application calls these functions once for initialisation). .TP .B ub_ctx_delete Delete validation context and free associated resources. diff --git a/libunbound/unbound.h b/libunbound/unbound.h index 01e8253e3..191338706 100644 --- a/libunbound/unbound.h +++ b/libunbound/unbound.h @@ -78,6 +78,10 @@ * ... same as async for non-threaded * ... the callbacks are called in the thread that calls process(ctx) * + * Openssl needs to have locking in place, and the application must set + * it up, because a mere library cannot do this, use the calls + * CRYPTO_set_id_callback and CRYPTO_set_locking_callback. + * * If no threading is compiled in, the above async example uses fork(2) to * create a process to perform the work. The forked process exits when the * calling process exits, or ctx_delete() is called. -- 2.47.2
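Review bot: in the doc/Changelog hunk the new line is filed under the heading "19 Jun 2013: Wouter", while the commit itself is dated 19 Jul 2013 and that heading sits directly above the "25 Jun 2013: Wouter" entry. The heading date looks like a typo for 19 Jul 2013; correct it in the same change so the entry is recorded under the date it was made.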
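Review bot: in the doc/libunbound.3.in hunk the added sentence opens with "Before you call this" without naming a function, and it follows the text about ub_ctx_hosts, so the reader has to work out which call must come after the OpenSSL setup. Name the function explicitly. Also, "asyncronous" should be "asynchronous" and "lib openssl" should be "OpenSSL". The unbound.h hunk in this patch describes the same requirement as "locking", while this text says "set up asyncronous operation"; use the locking wording in both places so the two documents do not appear to describe different things.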
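Review bot: in the libunbound/unbound.h hunk the new comment paragraph is placed between the description of the async callbacks and the sentence "If no threading is compiled in, the above async example uses fork(2)", so "the above async example" no longer directly follows the example it refers to. Move the OpenSSL paragraph after the fork(2) paragraph or before the list of modes. The comment also omits the ordering that the man page hunk gives (set the callbacks once, at initialisation, before calling into the library); state that here too, since the header is what most callers read. "because a mere library cannot do this, use the calls" is a run-on; split it into two sentences and write "OpenSSL".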