<div dir="ltr">Hi Martin,<br><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 17, 2014 at 4:43 AM, Martin Willi <span dir="ltr">&lt;<a href="mailto:martin@strongswan.org" target="_blank">martin@strongswan.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Avesh,<br>
<span class=""><br>
> strongswan's openssl plugin is designed for a multi-threaded environment, whereas<br>
> wpa_supplicant uses a non-threaded architecture. Both of these, strongswan's<br>
> openssl plugin and wpa_supplicant, use openssl as their crypto and<br>
> TLS library.<br>
<br>
</span>True, but unless you run these libraries in the same process, how is<br>
this a problem? </blockquote><div><br></div><div>Isn't it the way it works when wpa_supplicant's tnc client loads any imc (.so) so everything runs in the same process space? <br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'd guess for a different process each OpenSSL libcrypto<br>
instance should be usable independently?<br></blockquote><div><br>There is only one wpa_supplicant process.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Or is there some non-mainline code involved that uses wpa_supplicant<br>
from within strongSwan?<br></blockquote><div><br></div><div>There is nothing unusual. wpa_supplicant loads strongswan's imcs from the /etc/tnc_config file. The strongswan imc runs within the wpa_supplicant process space, not the other way around. It might happen with other third party tnc clients if they use strongswan's imc with a design similar to wpa_supplicant.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<span class=""><br>
> I have created a very simple patch to address this issue which basically allows<br>
> disabling multi-thread use in strongswan's openssl plugin when<br>
> wpa_supplicant is used.<br>
<br>
</span>Disabling that multi-threading setup on strongSwan definitely will break<br>
the openssl plugin, </blockquote><div><br></div><div>It does not disable multi-threading by default. In the patch, by default it is true so strongswan operations are not affected at all. When someone uses wpa_supplicant, one might disable multi-threading in the openssl plugin by configuring it. <br> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">so I don't think this is an option, even as a<br>
work-around.<br>
<br></blockquote><div>As I said above, by default it is enabled and does not affect strongswan at all, so might work as a work around.<br><br></div><div>Regards<br>Avesh <br> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Regards<br>
<span class="HOEnZb"><font color="#888888">Martin<br>
<br>
</font></span></blockquote></div><br></div></div></div>