Skip Menu |

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 28898
Status: rejected
Priority: 0/
Queue: IO-Socket-SSL
People
Owner: Nobody in particular
Requestors: iturturica [...] ixiacom.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Mon Aug 20 03:29:03 2007 iturturica [...] ixiacom.com - Ticket created
CC: <Steffen_Ullrich [...] genua.de>
Subject: thread safety issues
Date: Mon, 20 Aug 2007 10:27:04 +0300
To: <bug-IO-Socket-SSL [...] rt.cpan.org>
From: "Ionut Turturica" <iturturica [...] ixiacom.com>
Hi Steffen, I suspect some nasty thread safety issues at setting the verify_callback routine. I noticed many random crashes and managed to track them down to that "Net::SSLeay::CTX_set_verify" sub. In fact the Net::SSLeay author also mentions this: "It is desirable to reset these callbacks to undef immediately after use to prevent thread safety problems and crashes on exit that can occur if different threads set different callbacks." Which happens to be true for IO::Socket::SSL. The actual setup of the callback is done in SSL.pm at around line 946: Net::SSLeay::CTX_set_verify($ctx, $verify_mode, $verify_callback); Thanks, IonuĊ£
  Mon Aug 20 04:11:39 2007 Steffen_Ullrich [...] genua.de - Correspondence added
Hi, IO::Socket::SSL is not thread safe because the underlying Net::SSLeay is not thread safe. This is explicitly mentioned in the documentation: | BUGS | | IO::Socket::SSL is not threadsafe. This is because IO::Socket::SSL is | based on Net::SSLeay which uses a global object to access some of the | API of openssl and is therefore not threadsafe. On Mon Aug 20 03:29:03 2007, iturturica@ixiacom.com wrote: Show quoted text
> Hi Steffen, > > > > I suspect some nasty thread safety issues at setting the > verify_callback routine. I noticed many random crashes and managed to > track them down to that "Net::SSLeay::CTX_set_verify" sub. > > In fact the Net::SSLeay author also mentions this: > > > > "It is desirable to reset these callbacks to undef immediately after > use to prevent > > thread safety problems and crashes on exit that can occur if different > threads > > set different callbacks." > > > > Which happens to be true for IO::Socket::SSL. > > > > The actual setup of the callback is done in SSL.pm at around line 946: > > Net::SSLeay::CTX_set_verify($ctx, $verify_mode, $verify_callback); > > > > Thanks, > > IonuĊ£ > > >
  Mon Aug 20 04:11:41 2007 The RT System itself - Status changed from 'new' to 'open'
  Mon Aug 20 04:11:43 2007 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'rejected'