[PATCH 2/2] mupdate starttls should be thread-safe
Duncan Gibb
Duncan.Gibb at SiriusIT.co.uk
Tue Nov 4 14:11:47 EST 2008
Hello again,
I just posted a patch to make starttls in mupdate do something other
than time out. However, the crypto code is not thread-safe. Under
moderate load TLS negotiations fail all over the place and mupdate
segfaults fairly frequently.
The attached is a first attempt at addressing this. It creates two new
files, imap/tls_th-lock.c and imap/tls_th-lock.h mostly borrowed from
the example pthread locking functions supplied with OpenSSL. For
brevity, this patch does not add the CMU comment block to these new files.
The idea is to create an object which could be linked with daemons other
than mupdate if they also need multi-threaded TLS in the future. For
now we just add CRYPTO_thread_setup() and CRYPTO_thread_cleanup() calls
to mupdate's service_init() and service_abort() respectively.
This has been tested only on x86_64 Debian Linux and not (yet) in a
production murder.
Note that ciphers requiring ephemeral keys are probably still broken
without a thread-safe replacement for tmp_rsa_cb().
Cheers
Duncan
--
Duncan Gibb, Technical Director
Sirius Corporation plc - The Open Source Experts
http://www.siriusit.co.uk/
Tel: +44 870 608 0063
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mupdate-threaded-tls.patch
Type: text/x-diff
Size: 4532 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20081104/78c925b4/attachment.bin
More information about the Cyrus-devel
mailing list