Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
proton-c-0.18.0
Description
ssl_domain objects are semi-global.
For example two connections simultaneously creating or releasing their own private pn_ssl_t objects may mess up the refcount of the shared pn_ssl_domain_t object leading to memory corruption or leaks.
Windows schannel is further complicated by the OS internal refcounting of its security context thingies. That may get automatically solved by the above, or may require a separate JIRA to track. The same may apply to openssl.
The obvious thread-safety issues were addressed by PROTON-1620 and the use of per-transport SSL objects appears to be correct and safe. However we need a careful review of the use of shared OpenSSL objects (related to SSL domains and certificate stores) to ensure they are being used safely and no additional locks are needed.
Attachments
Issue Links
- is a clone of
-
PROTON-1620 TLS / SSL thread safety with proactor
- Closed
- links to