Seth Alves wrote:
> [...]
> I have some code that uses the openssl egg. I'm not able to find a way
> (as a client) to send eof to the server.
> [...]

Hello Seth,

you can shut down the entire SSL connection by closing both the input and output ports connected to the peer. However, there is no way to shut down only the sending or receiving end of a connection like it is possible with BSD sockets. If you close only one of the ports of an SSL connection, the access to that channel from Scheme becomes impossible but nothing really changes on the lower abstraction layers.

This is not simply due to my laziness when creating the OpenSSL egg but because I don't know of any safe way to partially shut down an SSL connection. To my knowledge the OpenSSL API and the SSL protocol itself only support shutting down the entire SSL session and not signalling end of stream on either the input or output channel.

> [...]
> I can do something like
>
> (tcp-shutdown (ssl-port->tcp-port (cadr ssl-sock)) 1)
> [...]

This is definitely not safe and may lead to data loss. The problem is that any sort of SSL communication, be it receiving or sending data, may trigger features like key renegotiation that would not be possible if one direction of the underlying network transport was disabled.

Hence, if you just disable the underlying TCP output channel, your SSL peer will probably see an end of stream on its input channel, but she might not be able to send any more data back to you either!

I would suggest implementing the necessary end of stream signalling in a higher level protocol on top of SSL.

Ciao,
Thomas

--
When C++ is your hammer, every problem looks like your thumb.
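
The following is an added example, not part of the original message or of the openssl egg: one way to carry end-of-stream signalling in a protocol layered on top of SSL, so that a sender can say "no more data" without touching the transport. The frame layout, the function names and the use of Python with a local socket pair standing in for the SSL ports are all assumptions of this sketch.

```python
import socket
import struct

# Frame layout (assumed for this sketch): type byte, 4-byte big-endian length, payload.
DATA, END = 0x01, 0x02
HEADER = struct.Struct("!BI")
MAX_PAYLOAD = 1 << 20  # cap on what a single frame may make the reader allocate

def send_data(stream, payload):
    stream.write(HEADER.pack(DATA, len(payload)) + payload)

def send_end(stream):
    # "No more data from me"; the connection stays open in both directions.
    stream.write(HEADER.pack(END, 0))
    stream.flush()

def _read_exact(stream, n):
    buf = stream.read(n)  # a buffered binary stream returns short only at EOF
    if len(buf) != n:
        raise EOFError(f"transport closed early: wanted {n} bytes, got {len(buf)}")
    return buf

def read_until_end(stream):
    """Collect DATA payloads until END; raise EOFError if the transport closes first."""
    parts = []
    while True:
        kind, length = HEADER.unpack(_read_exact(stream, HEADER.size))
        if kind == END and length == 0:
            return b"".join(parts)
        if kind != DATA or length > MAX_PAYLOAD:
            raise ValueError(f"bad frame: type={kind} length={length}")
        parts.append(_read_exact(stream, length))

def demo():
    # Constructed exchange: a local socket pair stands in for the two SSL peers.
    a, b = socket.socketpair()
    client, server = a.makefile("rwb"), b.makefile("rwb")
    send_data(client, b"request ")
    send_data(client, b"body")
    send_end(client)
    request = read_until_end(server)  # server sees a clean end of stream...
    send_data(server, request.upper())
    send_end(server)                  # ...and can still send its reply
    reply = read_until_end(client)
    for handle in (client, server, a, b):
        handle.close()
    return request, reply

if __name__ == "__main__":
    print(demo())
```

Because the end marker is explicit, a connection that drops before the marker arrives surfaces as an error rather than being mistaken for a complete message.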
