Commit f7d316ed by Carlos Martín Nieto

THREADING: OpenSSL 1.1 is thead-safe, rework some paragraphs

parent 86bbaaa1
...@@ -62,29 +62,34 @@ general case still affects you if you use ssh. ...@@ -62,29 +62,34 @@ general case still affects you if you use ssh.
General Case General Case
------------ ------------
By default we use libcurl, which has its own ![recommendations for If it's available, by default we use libcurl to provide HTTP tunneling support,
thread safety](https://curl.haxx.se/libcurl/c/threadsafe.html). which may be linked against a number of cryptographic libraries and has its
own
If libcurl was not found or was disabled, libgit2 uses OpenSSL to be [recommendations for thread safety](https://curl.haxx.se/libcurl/c/threadsafe.html).
able to use HTTPS as a transport. This library is made to be
thread-implementation agnostic, and the users of the library must set If there are no alternative TLS implementations (currently only
which locking function it should use. This means that libgit2 cannot SecureTransport), libgit2 uses OpenSSL in order to use HTTPS as a transport.
know what to set as the user of libgit2 may use OpenSSL independently OpenSSL is thread-safe starting at version 1.1.0. If your copy of libgit2 is
and the locking settings must survive libgit2 shutting down. linked against that version, you do not need to take any further steps.
Even if libgit2 doesn't use OpenSSL directly, OpenSSL can still be used Older versions of OpenSSL are made to be thread-implementation agnostic, and the
by libssh2 depending on the configuration. If OpenSSL is used both by users of the library must set which locking function it should use. libgit2
libgit2 and libssh2, you only need to set up threading for OpenSSL once. cannot know what to set as the user of libgit2 may also be using OpenSSL independently and
the locking settings must then live outside the lifetime of libgit2.
libgit2 does provide a last-resort convenience function
Even if libgit2 doesn't use OpenSSL directly, OpenSSL can still be used by
libssh2 or libcurl depending on the configuration. If OpenSSL is used by
more than one library, you only need to set up threading for OpenSSL once.
If libgit2 is linked against OpenSSL, it provides a last-resort convenience function
`git_openssl_set_locking()` (available in `sys/openssl.h`) to use the `git_openssl_set_locking()` (available in `sys/openssl.h`) to use the
platform-native mutex mechanisms to perform the locking, which you may platform-native mutex mechanisms to perform the locking, which you can use
rely on if you do not want to use OpenSSL outside of libgit2, or you if you do not want to use OpenSSL outside of libgit2, or you
know that libgit2 will outlive the rest of the operations. It is not know that libgit2 will outlive the rest of the operations. It is then not
safe to use OpenSSL multi-threaded after libgit2's shutdown function safe to use OpenSSL multi-threaded after libgit2's shutdown function
has been called. Note `git_openssl_set_locking()` only works if has been called. Note `git_openssl_set_locking()` only works if
libgit2 uses OpenSSL directly - if OpenSSL is only used as a dependency libgit2 uses OpenSSL directly - if OpenSSL is only used as a dependency
of libssh2 as described above, `git_openssl_set_locking()` is a no-op. of libssh2 or libcurl as described above, `git_openssl_set_locking()` is a no-op.
If your programming language offers a package/bindings for OpenSSL, If your programming language offers a package/bindings for OpenSSL,
you should very strongly prefer to use that in order to set up you should very strongly prefer to use that in order to set up
...@@ -96,9 +101,6 @@ See the ...@@ -96,9 +101,6 @@ See the
on threading for more details, and http://trac.libssh2.org/wiki/MultiThreading on threading for more details, and http://trac.libssh2.org/wiki/MultiThreading
for a specific example of providing the threading callbacks. for a specific example of providing the threading callbacks.
Be also aware that libgit2 does not always link against OpenSSL
if there are alternatives provided by the system.
libssh2 may be linked against OpenSSL or libgcrypt. If it uses OpenSSL, libssh2 may be linked against OpenSSL or libgcrypt. If it uses OpenSSL,
see the above paragraphs. If it uses libgcrypt, then you need to see the above paragraphs. If it uses libgcrypt, then you need to
set up its locking before using it multi-threaded. libgit2 has no set up its locking before using it multi-threaded. libgit2 has no
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment