使用 GnuTLS 构建时 libcurl 线程安全吗
Is libcurl thread safe when built with GnuTLS
libcurl 线程安全的要求之一是底层 SSL 库应该是线程安全的。
根据 GnuTLS 的文档,它在设计上是线程安全的。
The GnuTLS library is thread safe by design, meaning that objects of the library such as TLS sessions, can be safely divided across threads as long as a single thread accesses a single object. This is sufficient to support a server which handles several sessions per thread. Read-only access to objects, for example the credentials holding structures, is also thread-safe.
然而,需要注意的用例很少。
A gnutls_session_t object could also be shared by two threads, one sending, the other receiving. However, care must be taken on the following use cases:
-
The re-handshake process in TLS 1.2 or earlier must be handled only in a single thread and no other thread may be performing any operation.
-
The flag GNUTLS_AUTO_REAUTH cannot be used safely in this mode of operation.
-
Any other operation which may send or receive data, like key update (c.f., gnutls_session_key_update), must not be performed while threads are receiving or writing.
-
The termination of a session should be handled, either by a single thread being active, or by the sender thread using gnutls_bye with GNUTLS_SHUT_WR and the receiving thread waiting for a return value of zero (or timeout on certain servers which do not respond).
-
The functions gnutls_transport_set_errno and gnutls_record_get_direction should not be relied during parallel operation.
libcurl 是否处理上述用例?
是的。
libcurl 不使用来自多个线程的 gnutls_session_t 对象,因此上述预防措施不适用(它也不会执行任何其他据说不是线程安全的事情)。只要您遵循 libcurl's thread-safety guidelines.
,线程 libcurl 与 GnuTLS(或其他 TLS 后端)一起使用应该没问题
libcurl 线程安全的要求之一是底层 SSL 库应该是线程安全的。
根据 GnuTLS 的文档,它在设计上是线程安全的。
The GnuTLS library is thread safe by design, meaning that objects of the library such as TLS sessions, can be safely divided across threads as long as a single thread accesses a single object. This is sufficient to support a server which handles several sessions per thread. Read-only access to objects, for example the credentials holding structures, is also thread-safe.
然而,需要注意的用例很少。
A gnutls_session_t object could also be shared by two threads, one sending, the other receiving. However, care must be taken on the following use cases:
-
The re-handshake process in TLS 1.2 or earlier must be handled only in a single thread and no other thread may be performing any operation.
-
The flag GNUTLS_AUTO_REAUTH cannot be used safely in this mode of operation.
-
Any other operation which may send or receive data, like key update (c.f., gnutls_session_key_update), must not be performed while threads are receiving or writing.
-
The termination of a session should be handled, either by a single thread being active, or by the sender thread using gnutls_bye with GNUTLS_SHUT_WR and the receiving thread waiting for a return value of zero (or timeout on certain servers which do not respond).
-
The functions gnutls_transport_set_errno and gnutls_record_get_direction should not be relied during parallel operation.
libcurl 是否处理上述用例?
是的。
libcurl 不使用来自多个线程的 gnutls_session_t 对象,因此上述预防措施不适用(它也不会执行任何其他据说不是线程安全的事情)。只要您遵循 libcurl's thread-safety guidelines.
,线程 libcurl 与 GnuTLS(或其他 TLS 后端)一起使用应该没问题