Q: Threads Support in ssl(8)?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Q: Threads Support in ssl(8)?

Rolf Sommerhalder
Hello list,

Is there any specific reason, such as for example concerns about
security or about stability, why THREADS support is not turned on in
OpenBSD's OpenSSL by default?  (Apparently, it isn't neither in
FreeBSD nor in NetBSD.) Or, was there so far simply no need for
THREADS support to be provided by ssl(8)?

A project has an urgent need for a compact reverse HTTP/HTTPS proxy.
Therefore I updated my earlier port of Pound to its latest stable
-2.3.2, which I derived from work done by Pete Vickers et al.
http://permalink.gmane.org/gmane.os.openbsd.misc/126141

On sparc64, this port fails to build a secondary OpenSSLin a temporary
directory with THREADS support enabled, due to some obscure problem
with assembly code and UltraSPARC (I tried both the current stable
0.9.8e and 0.9.7j which is used by 4.2-current). The recommended
workaround of configuring OpenSSL with the 'no-asm' option also failed
miserably at the 'make test' stage later, although it resolved the
compilation/assmbler issue.

The solution was to enable THREADS support in OpenSSL of OpenBSD's
source tree and to rebuild ssl(8). The resulting Pound port gets much
leaner (no hack required with parallel installation of OpenSSL in
temporary install directory), builds rapidly and installs cleanly.. So
far, Pound-2.3.2 as well as vpnc-0.4.0 and OpenVPN-2.0.9 run fine on
both i386 and sparc64 of 4.2-current using ssl(8) with THREADS
enabled.

I am aware that the project is currently in release lock. Once
unlocked, is there any chance that enabling THREADS support per
default would gain some traction? This would facilitate the building
of a clean port for Pound considerably.

If there is any interest, I can make available my updated Pound-2.3.2
port available.

Thanks,
Rolf