Next: , Previous: , Up: Introduction to the library   [Contents][Index]


6.1.5 Thread safety

The GnuTLS library is thread safe by design, meaning that objects of the library such as TLS sessions, can be safely divided across threads as long as a single thread accesses a single object. This is sufficient to support a server which handles several sessions per thread. Read-only access to objects, for example the credentials holding structures, is also thread-safe.

A gnutls_session_t object could also be shared by two threads, one sending, the other receiving. In that case however, care must be taken during key updates and re-handshakes to be handled only by a single thread. The termination of a session should be handled, either by a single thread being active, or by the sender thread using gnutls_bye with GNUTLS_SHUT_WR and the receiving thread waiting for a return value of zero.

For several aspects of the library (e.g., the random generator, PKCS#11 operations), the library may utilize mutex locks (e.g., pthreads on GNU/Linux and CriticalSection on Windows) which are transparently setup on library initialization. Prior to version 3.3.0 these were setup by explicitly calling gnutls_global_init.17

Note that, on Glibc systems, unless the application is explicitly linked with the libpthread library, no mutex locks are used and setup by GnuTLS. It will use the Glibc mutex stubs.


Footnotes

(17)

On special systems you could manually specify the locking system using the function gnutls_global_set_mutex before calling any other GnuTLS function. Setting mutexes manually is not recommended.