Re: Hundreds of crypto file descriptors for Apache httpd

To: netbsd-users%netbsd.org@localhost
Subject: Re: Hundreds of crypto file descriptors for Apache httpd
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Fri, 13 Mar 2020 06:15:10 -0000 (UTC)

noloader%gmail.com@localhost (Jeffrey Walton) writes:

>sideways. OpenSSL is supposed to open the device once and share it
>internally. From the head notes of engines/e_devcrypto.c:

>$ cat engines/e_devcrypto.c
>...
>/*
> * ONE global file descriptor for all sessions.  This allows operations
> * such as digest session data copying (see digest_copy()), but is also
> * saner...  why re-open /dev/crypto for every session?


That's not exactly the same. The engine shares the same descriptor for
any number of SSL sessions, but if the engine is initialized once
per thread, then each thread opens a descriptor and shares it for the
SSL sessions created from that thread.


-- 
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

References:
- Re: Hundreds of crypto file descriptors for Apache httpd
  - From: Frank Wille
- Re: Hundreds of crypto file descriptors for Apache httpd
  - From: Jeffrey Walton

Prev by Date: Re: Hundreds of crypto file descriptors for Apache httpd
Next by Date: Re: Hundreds of crypto file descriptors for Apache httpd
Previous by Thread: Re: Hundreds of crypto file descriptors for Apache httpd
Next by Thread: Re: Hundreds of crypto file descriptors for Apache httpd
Indexes:

Home | Main Index | Thread Index | Old Index