native-pkcs11 icon indicating copy to clipboard operation
native-pkcs11 copied to clipboard
verified publisher icon google

macOS keychain thread safety

Open brandonweeks opened this issue 1 year ago • 0 comments

In macOS, some of the functions of this API block while waiting for input from the user (for example, when the user is asked to unlock a keychain or give permission to change trust settings). In general, it is safe to use this API in threads other than your main thread, but avoid calling the functions from multiple operations, work queues, or threads concurrently. Instead, serialize function calls or confine them to a single thread.

In iOS, all the functions in this API are thread-safe and reentrant.

From Certificate, Key, and Trust Services / Working with Concurrency.

Currently macOS keychain calls are not serialized, which can cause failures during high load situations. This is mostly observed as test flakes.

brandonweeks avatar May 30 '24 01:05 brandonweeks