gnutls_x509_trust_list_t should be safely shared among multiple threads
The documentation currently says:
The GnuTLS library is thread safe by design, meaning that objects of the
library such as TLS sessions, can be safely divided across threads as
long as a single thread accesses a single object. This is sufficient to
support a server which handles several sessions per thread. Read-only
access to objects, for example the credentials holding structures, is
also thread-safe.
The last statement implies that read-only usage of gnutls_x509_trust_list_t, such as verifying a certificate chain with an already populated list, could be performed from multiple threads against a single gnutls_x509_trust_list_t object. This is apparently not true when it is used with a PKCS#11 trust store:
https://bugzilla.redhat.com/show_bug.cgi?id=1937513#c33
We should either document this as an exception or actually make it thread safe.
Edited by Daiki Ueno