> The OPENSSL_gmtime in o_time.c (that gets called from other places
> like ASN1_UTCTIME_cmp_time_t in a_utctm.c) does not use the safe
> version of gmtime in lots of platforms including:
>This could cause problems in multi-thread environments,
>why not use mutexes to wrap the gmtime and memcpy,
>like other places in the library?

Because it is either needless or insufficient. On platforms like Win32 that
already use thread-specific data for functions like gmtime, it is needless.
The functions are thread-safe anyway. On platforms where thread-specific
data is not used, the mutexes would not prevent other code (not part of
OpenSSL) from calling these functions in-between when OpenSSL calls them and
when the returned data can be used or copied.

In a library, I don't think you can do better than using the thread-safe
functions where they exist.


__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org