Has anyone ever considered providing a GSS-API interface into OpenSSL?
I realize that such an undertaking would be non-trivial. However, I'll try to
justify
my question in case anyone is interested.
I've spent a considerable amount of time trying to determine if I can make
OpenSSL
work for my applications. I've come to the conclusion that, in its present form, I am
probably not
going to be able to use OpenSSL.
Some of the difficulties that I'm having revolve around the fact that the
socket I/O code is
integrated into the protocol code. Our applications are designed around a GSSAPI/SSPI
model
where the application does the I/O and gets buffers from the protocol provider and
sends buffers
to the protocol provider. Two specific situations where I have a problem with OpenSSL
is that I had
planned to tunnel SSL inside of another, application specific, protocol. I haven't
been able to
determine how to do this. Also, our servers can handle large numbers of clients
concurrently.
Because of this feature, I don't like the fact that it appears that a SSL call could
bock my server
unless I make the server multithreaded. The fact that the OpenSSL code contains so
much static
data make me wonder if OpenSSL is thread safe. Does anyone have an opinion on that?
Thanks, in advance, if you have kept reading long enough to get this far. Any
response,
whether it be questions, comments, suggestions, criticism etc., will be most
appreciated.
Thanks!
Glenn Horton SAS Institute
919-531-6640 R4306 SAS Campus Dr.
[EMAIL PROTECTED] Cary, N.C. 27513
SAS... The Power to Know
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
