Darryl,
Thanks for your detailed suggestions, especially:
It may also be helpful to call SSL_set_read_ahead(ssl, 0) to disable
readahead optimization just before you issue the SSL_shutdown(ssl).
For some reason, adding that line before the shutdowns made all the
difference - it now works
On Mon, Sep 14, 2009 at 01:49:23PM +1000, Andrew Sumner wrote:
Darryl,
Thanks for your detailed suggestions, especially:
It may also be helpful to call SSL_set_read_ahead(ssl, 0) to disable
readahead optimization just before you issue the SSL_shutdown(ssl).
For some reason, adding
Andrew Sumner wrote:
The client can then send messages to the server worker process using
SSL_write, and the worker receives them ok. However, when the worker
sends something to the client, nothing comes through - SSL_read fails.
In summary, is there any way of closing an SSL session on a
Hi Viktor,
Initially, does your client build an SSL connection over an already
(TCP) established connection passed to it as a file descriptor?
yes.
Initially, does your server accept an SSL connection over an already
(TCP) established connection passed to it as a file descriptor?
yes.
Do
On Fri, Sep 11, 2009 at 12:51:15PM +1000, Andrew Sumner wrote:
Victor, you've just described exactly what I've been trying to do. A clean
shutdown on both sides, socket connection left open, then a client HELLO
after which both sides initiate SSL again.
I just can't seem to find a method of
I've got a situation where a listener on the server receives a connection
then the client sends a login packet. The server creates a new worker
process as the logged in user and passes it the socket ID. The worker
process takes over communication with the client (which is unaware of what's
Andrew Sumner wrote:
Implementing openssl I've hit a wall.
I need to initiate SSL on the connection in the
listener, before the client sends the login packet as it
obviously shouldn't be sent in the clear.
There's no way to pass the SSL objects to the new process,
so I've been trying to
Hi David,
Thanks, you've saved me from tons of frustration and wasted time chasing an
unworkable solution. The proxy idea sounds very promising, I'll check it
out.
cheers
Andrew
On Fri, Sep 11, 2009 at 11:14:18AM +1000, Andrew Sumner wrote:
Hi David,
Thanks, you've saved me from tons of frustration and wasted time chasing an
unworkable solution. The proxy idea sounds very promising, I'll check it
out.
You should be able to cleanly shut-down SSL on both sides,
Hi Victor,
You should be able to cleanly shut-down SSL on both sides, and
resume in a new process, provided the application protocol has
a clean session termination phase.
For example, implementing an application level STOPTLS verb that
the initiator may request and the responder must
10 matches