我正在学习如何使用OpenSSL编写多线程DTLS服务器。我一直在查阅文档,看起来如果我设置CRYPTO_set_id_callback
和CRYPTO_set_locking_callback
,OpenSSL应该可以与多个线程一起工作。我正在使用OpenSSL 1.1.1c,在查看crypto.h
时,发现了以下内容:
/*
* The old locking functions have been removed completely without compatibility
* macros. This is because the old functions either could not properly report
* errors, or the returned error values were not clearly documented.
* Replacing the locking functions with no-ops would cause race condition
* issues in the affected applications. It is far better for them to fail at
* compile time.
* On the other hand, the locking callbacks are no longer used. Consequently,
* the callback management functions can be safely replaced with no-op macros.
*/
# define CRYPTO_num_locks() (1)
# define CRYPTO_set_locking_callback(func)
# define CRYPTO_get_locking_callback() (NULL)
# define CRYPTO_set_add_lock_callback(func)
# define CRYPTO_get_add_lock_callback() (NULL)
看起来这种方法已经过时了。我应该怎么做才能确保我的OpenSSL代码是线程安全的?
--
进一步研究后,我找到了这个:使用pthread的OpenSSL教程。我还发现了https://www.openssl.org/docs/man1.0.2/man3/CRYPTO_THREADID_set_callback.html。然而,
CRYPTO_THREADID_set_callback()
也是一个空操作!看来我除了用正确的标志编译OpenSSL之外无能为力了。