Boost.Asio的SSL线程安全 [英] Boost.Asio SSL thread safety

问题描述

做我创建一条链的的的我SSL套接字的所有股份，每股SSL上下文（任何相联插座共用）一条链？

Boost.Asio的SSL文档状态这一点，但它没有提到上下文。我认为，这意味着我只能使用一条链的一切，但我认为这是必须的OpenSSL支持多线程之前写的。

  

SSL和线程

  
  

SSL流对象执行没有自己的锁定。因此，至关重要的是，所有异步SSL的操作都在一个隐式或显式链进行。请注意，这意味着不需要同步（因此没有锁定系统开销）在单线程程序。

我最有可能只打算只有一个SSL上下文，但我不知道它是否更恰当的链由SSL上下文所拥有，或者由全球网络服务。

我做的事项时提供一个处理程序 CRYPTO_set_locking_callback 。

解决方案

更新

这个答案的要点是由大卫·施瓦茨，其权威在这方面我认为在崇高敬意兵家必争之地。

有原因的期望，SSL上下文的可以的被线程之间共享的 - 至少对于某些操作，如果仅仅是为了便于SSL会话恢复

我觉得大卫有SSL方面的经验，OpenSSL的使用它。反过来又促进了ASIO用途的是的（至少在所有平台我所知道的）。因此，无论是大卫写答案分享他的知识，或者你/我将不得不花费一些时间与OpenSSL文档和升压短耳源$ C ​​$ C找出适用于提升有效约束短耳的 SSL ::背景使用。

下面是按照目前记录的限制。

<子> [旧的回答全文如下]

  

线程安全

---

  

在一般情况下，它是安全的，以同时使用不同的对象，但是不安全，使同时使用一个单一的对象。然而，类型如io_service对象提供更强的保证是安全的同时使用一个单一的对象

从逻辑上讲，因为文件并没有提及具体的 ssl_context 类的线程安全，必须得出结论，事实并非如此。

这不要紧，你知道，如果你使用一些特定的挂钩（比如你提到的）基础SSL库支持这一点。这的只有的告诉你，它可能不是很难的做的 ssl_context 线程感知。

但直到（与库开发者的工作）提供这个补丁，这是不可用的。

长话短说，您访问的每个 ssl_context 从单链。

Do I create one strand that all of my SSL sockets share, or one strand per SSL context (shared by any associated sockets)?

Boost.Asio SSL documentation states this, but it doesn't mention contexts. I assume that this means I must use only one strand for everything, but I think this was written before OpenSSL had multithreading support.

SSL and Threads

SSL stream objects perform no locking of their own. Therefore, it is essential that all asynchronous SSL operations are performed in an implicit or explicit strand. Note that this means that no synchronisation is required (and so no locking overhead is incurred) in single threaded programs.

I'm most likely only going to have only one SSL context, but I'm wondering if it's more proper for the strand to be owned by the SSL context, or by the global network service.

I did provide a handler to CRYPTO_set_locking_callback in case that matters.

解决方案

UPDATE

The gist of this answer is contested by David Schwarz, whose authority in this area I hold in high esteem.

There are reasons to expect that ssl contexts can be shared between threads - at least for some operations, if only to facilitate SSL session resumption.

I think David has experience with SSL context as OpenSSL uses it. Boost ASIO uses that in turn (at least on all platforms I know of). So, either David writes an answer sharing his knowledge, or you/me would have to spend some time with the OpenSSL documentation and Boost Asio source code to figure out the effective constraints that apply to Boost Asio's ssl::context usage.

Below are the constraints as currently documented.

_{[old answer text follows]}

Thread Safety

---

In general, it is safe to make concurrent use of distinct objects, but unsafe to make concurrent use of a single object. However, types such as io_service provide a stronger guarantee that it is safe to use a single object concurrently.

Logically, because the documentation doesn't mention thread-safety of the ssl_context class in particular, you must conclude that it is not.

It doesn't matter that you know that the underlying SSL library supports this if you use some particular hooks (like you mention). This only tells you that it might not be hard to make ssl_context thread-aware.

But until you (work with the library devs to) provide this patch, it's not available.

Long story short, you access each ssl_context from a single strand.

这篇关于Boost.Asio的SSL线程安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！