EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Is TElX509CertificateValidator thread safe ?

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
#16222
Posted: 04/15/2011 08:22:44
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Hello,

Quite a simple question, really: can I safely access the same instance of TElX509CertificateValidator from multiple threads ?

I'm writing a multi-threaded upload tool that connects to a TLS server and I'd like to speed up the certificate validation process. One thing that seems to be quite time-consuming is initializing the validator certificate store (through InitializeWinStorages). if I can create a single instance of the validator and reuse it through all my threads, that would speed the global upload quite a bit.

Thanks,
Stephane
#16223
Posted: 04/15/2011 08:32:04
by Eugene Mayevski (EldoS Corp.)

Validator is neither thread-safe, nor re-enterable. I.e. one instance of validator should be used for one connection at a time. This validator can be passed from thread to thread for use, but this should not lead to concurrent use of the same instance from several threads.

The question about windows certificate storages is solved easily - don't use the storages, created by validator and instead create your own set of instances of TElWinCertStorage and add them to each instance of Validator. This way you will be able to share a set of storages you need across all validators.


Sincerely yours
Eugene Mayevski
#16224
Posted: 04/15/2011 08:47:44
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Thank you for the quick answer.

I don't quite understand your proposed solution, through. Do you mean that TElX509CertificateValidator isn't thread-safe but that the TElWinCertStorage is ?

Or are you suggesting I create a separate instance of TElWinCertStorage per thread ?

Thanks again,
Stephane
#16225
Posted: 04/15/2011 08:58:57
by Vsevolod Ievgiienko (EldoS Corp.)

No. You can create a shared set of TElWinCertStorage -s and load them into each TElX509CertificateValidator using AddBlockedCertificates, AddKnownCertificates and AddTrustedCertificates methods.
#16226
Posted: 04/15/2011 09:09:41
by Eugene Mayevski (EldoS Corp.)

storages (certificate, pgp key, ssh key) are thread-safe, yes.


Sincerely yours
Eugene Mayevski
#16227
Posted: 04/15/2011 10:01:43
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Ok, I think I see what I need to do now.

Thank you very much for your help.
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.

Reply

Statistics

Topic viewed 1331 times

none




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!