EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Is TElX509CertificateValidator thread safe ?

Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.
Posted: 04/15/2011 08:22:44
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 173


Quite a simple question, really: can I safely access the same instance of TElX509CertificateValidator from multiple threads ?

I'm writing a multi-threaded upload tool that connects to a TLS server and I'd like to speed up the certificate validation process. One thing that seems to be quite time-consuming is initializing the validator certificate store (through InitializeWinStorages). if I can create a single instance of the validator and reuse it through all my threads, that would speed the global upload quite a bit.

Posted: 04/15/2011 08:32:04
by Eugene Mayevski (Team)

Validator is neither thread-safe, nor re-enterable. I.e. one instance of validator should be used for one connection at a time. This validator can be passed from thread to thread for use, but this should not lead to concurrent use of the same instance from several threads.

The question about windows certificate storages is solved easily - don't use the storages, created by validator and instead create your own set of instances of TElWinCertStorage and add them to each instance of Validator. This way you will be able to share a set of storages you need across all validators.

Sincerely yours
Eugene Mayevski
Posted: 04/15/2011 08:47:44
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 173

Thank you for the quick answer.

I don't quite understand your proposed solution, through. Do you mean that TElX509CertificateValidator isn't thread-safe but that the TElWinCertStorage is ?

Or are you suggesting I create a separate instance of TElWinCertStorage per thread ?

Thanks again,
Posted: 04/15/2011 08:58:57
by Vsevolod Ievgiienko (Team)

No. You can create a shared set of TElWinCertStorage -s and load them into each TElX509CertificateValidator using AddBlockedCertificates, AddKnownCertificates and AddTrustedCertificates methods.
Posted: 04/15/2011 09:09:41
by Eugene Mayevski (Team)

storages (certificate, pgp key, ssh key) are thread-safe, yes.

Sincerely yours
Eugene Mayevski
Posted: 04/15/2011 10:01:43
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 173

Ok, I think I see what I need to do now.

Thank you very much for your help.
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.



Topic viewed 1443 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!