[Opendnssec-develop] proposed libhsm API
John Dickinson
jad at jadickinson.co.uk
Thu Apr 23 14:56:21 UTC 2009
On 23 Apr 2009, at 15:46, Jakob Schlyter wrote:
> On 23 apr 2009, at 16.27, Rickard Bondesson wrote:
>
>> How should we handle the sessions?
>
> internally, without exposing to the user of libhsm.
>
>> We want to allow signing with multiple threads. This needs one
>> session per thread. If we connect the session with the HSM, then we
>> can only use on thread per HSM. If we connect the session with the
>> key, then the threads can not sign with the same key.
>
> it would be nice if we can have the library allocate a bunch of
> session and use them when needed, right?
>
>> In other words we either need to keep track of the thread or give
>> out session ids via the libhsm interface. A session id which needs
>> to be translated to the session id within the HSM.
>
Forgive my naivety but the only thing that needs to be threaded ever is
ldns_rr* hsm_sign_rrset(const ldns_rr_list* rrset, const hsm_key_t
*key);
so how about
ldns_rr* hsm_sign_rrset(const ldns_rr_list* rrset, const hsm_key_t
*key, int thread_id);
when hsm_sign_rrset sees a new thread_id it opens a new session.
Isn't this kind of what is done in the speed tester except an array of
sessions is created in advance of launching the threads.
John
---
John Dickinson
http://www.jadickinson.co.uk
I am riding from Lands end to John O'Groats to raise money for
Parkinson's Disease Research. Please sponsor me here http://justgiving.com/pedalforparkinsons2009
More information about the Opendnssec-develop
mailing list