Well,
Due to the changes I made to my code I am now able to do it. I am
doing this from within the mod_nss Apache module, which actually
stores a pointer to the SSL file descriptor when it layers it upon the
original TCP fd.
Otherwise, if I weren't to do it within mod_nss, Nelson's idea about
traversing the FD stack seems reasonable (even though I haven't tested
it).
No matter which one I use, this still shows me if SSL has been layered
upon a FD stack, but not if the first SSL Handshake has been done.
However, I think this is sufficient because once the SSL layer
SecureRecv() and SecureSend() methods are layered on the FD, it seems
that no read() and write() from/to the socket can occur successfully
without doing the handshake first.
> Your suggestion of a new PR_GetIdentityForName function seems good.
> I would define it as follows:
>
> PRDescIdentity
> PR_GetIdentityForName(const char* layerName) {
> ...
> if (no existing layer with this name)
> return PR_INVALID_IO_LAYER;
> else
> return identity_of_existing_layer
>
> }
You are right, this leaves the application more choices about what to
do when there is no layer identity for this name.
If an identity is returned, the app can use PR_GetIdentitiesLayer() to
see whether the layer is on the FD stack or not.
If PR_INVALID_IO_LAYER is returned, then the application can either
- conclude that this layer cannot possibly be on the FD stack since
no layer identity exists with that name -or-
- create a new layer identity and push a new layer (e.g. SSL) on the
FD stack
Thanks!
Regards,
Peter
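
The two-step check discussed in this message, as an added example that is not part of the original e-mail and is not NSPR code. It is a self-contained C model: `FileDesc`, `register_identity`, `identity_for_name`, `find_layer` and `layer_state` are hypothetical stand-ins for `PRFileDesc`, `PR_GetUniqueIdentity`, the proposed `PR_GetIdentityForName` and `PR_GetIdentitiesLayer`.

```c
/* Model of NSPR-style layered descriptors. All names are hypothetical
 * stand-ins; nothing here calls or reproduces NSPR itself. */
#include <stddef.h>
#include <string.h>

#define INVALID_IO_LAYER (-1)       /* stands in for PR_INVALID_IO_LAYER */
#define MAX_IDENTITIES 8

typedef struct FileDesc {           /* stands in for PRFileDesc */
    int identity;                   /* identity of this layer */
    struct FileDesc *lower;         /* next layer down; NULL at the bottom */
} FileDesc;

static const char *identity_names[MAX_IDENTITIES];
static int identity_count;

/* Allocate a new identity for a layer name (role of PR_GetUniqueIdentity). */
int register_identity(const char *name) {
    if (identity_count >= MAX_IDENTITIES) return INVALID_IO_LAYER;
    identity_names[identity_count] = name;
    return identity_count++;
}

/* The proposed lookup: reports an existing identity, never creates one. */
int identity_for_name(const char *name) {
    for (int i = 0; i < identity_count; i++)
        if (strcmp(identity_names[i], name) == 0) return i;
    return INVALID_IO_LAYER;
}

/* Walk from the top layer down (role of PR_GetIdentitiesLayer). */
FileDesc *find_layer(FileDesc *top, int identity) {
    for (FileDesc *fd = top; fd != NULL; fd = fd->lower)
        if (fd->identity == identity) return fd;
    return NULL;
}

typedef enum { NO_SUCH_IDENTITY, NOT_ON_STACK, ON_STACK } LayerState;

/* ON_STACK only means the layer is present on the stack; as the message
 * notes, it does not say whether the first handshake has completed. */
LayerState layer_state(FileDesc *top, const char *name) {
    int id = identity_for_name(name);
    if (id == INVALID_IO_LAYER) return NO_SUCH_IDENTITY;
    return find_layer(top, id) ? ON_STACK : NOT_ON_STACK;
}
```

`NO_SUCH_IDENTITY` and `NOT_ON_STACK` are kept distinct so the caller can choose between the two options listed above: treat the layer as absent, or create an identity and push a new layer.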