[squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

Christos Tsantilas christos at chtsanti.net
Thu Feb 2 09:32:09 UTC 2017


On 02/02/2017 03:16 πμ, Alex Rousskov wrote:
> On 02/01/2017 01:42 PM, Christos Tsantilas wrote:
>> must take in account that some openSSL calls
>> returns locket objects, and some other unlocked objects.
>
> Does the patch start using shared pointers for any objects in the
> second, "returned unlocked" category? AFAICT, only the SSL connection
> object (shared_ptr<SSL>) is currently affected. That object is always
> given to Squid locked by OpenSSL, right?

Yes.

However this patch changes Security::SessionPointer from a 
LockingPointer which was actually a wrapper for OpenSSL locking system 
to be  a shared_ptr<> which uses its own locking system.

It should not exist any problem (this is why I did not make more tests), 
just I am referring to this.


>
> We would have to remember to ask ourselves these questions for every new
> OpenSSL-lockable type that we start using inside a shared_ptr, of
> course, but if OpenSSL always returns locked SSL objects, those should
> be "safe to share" AFAICT.
>
> Thank you,
>
> Alex.
>


More information about the squid-dev mailing list