> > > Hello,
> > > How can I get two independent SSL structures on the same one connection?
> >
> > The glib answer would be "any way you want to". The detailed answer is that
> > there is no standard way to do this, so you can choose any method you wish
> > and do it that way.
> >
> > One way, for example, would be to prefix each block of encrypted data with
> > which of the two SSL structures it's from/for (say by a 1 or 0 byte) and the
> > length (say, as 4 bytes in network host order). When you receive the blocks,
> > you grab the 5 byte header and figure out which SSL structure to route the
> > next so many bytes from.
> But, I want to get independent SSL structure even if one SSL connection is
> still working, in optional moment. Example in sockets, will enough that I
> exchange descriptors.
So do that then. Seriously, you can do this any way you want to.
You may want an explicit acknowledgement, so you'll know the other side got
the chunk. I'd define only a single protocol element. It would contain a
sequence number, zero or more bytes of data and a range of sequence numbers
to acknowledge. So when you need to send 30 logical bytes of data, you try
the first link. If they're not acknowledged in a reasonable amount of time,
you send them over the other link. Keep using a link until you timeout,
switch links every time you timeout.
If you don't like that scheme, pick another. You have a choice to layer
your multi-link scheme above or below SSL. I think it's easiest to layer
above SSL, so you use the two links just as secure byte streams.
DS
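
The 5-byte header from the quoted reply above (a 0/1 stream byte plus a 4-byte length), sketched in C as an added example that is not part of the original thread or of OpenSSL. The big-endian length encoding, the `MAX_PAYLOAD` cap, `struct sink` and all function names are assumptions; in a real program each sink would be the input side of one SSL structure.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define HDR_LEN 5u           /* 1-byte stream id + 4-byte big-endian length */
#define MAX_PAYLOAD 16384u   /* assumed cap: never trust a peer-supplied length */
struct sink { uint8_t data[256]; size_t used; };  /* stand-in for one SSL's input */

/* Prefix payload with the 5-byte header; returns bytes written, 0 on error. */
size_t frame_encode(uint8_t id, const uint8_t *data, uint32_t len,
                    uint8_t *out, size_t outcap)
{
    if (id > 1 || len > MAX_PAYLOAD || outcap < HDR_LEN + (size_t)len)
        return 0;
    out[0] = id;
    out[1] = (uint8_t)(len >> 24);
    out[2] = (uint8_t)(len >> 16);
    out[3] = (uint8_t)(len >> 8);
    out[4] = (uint8_t)len;
    if (len) memcpy(out + HDR_LEN, data, len);
    return HDR_LEN + (size_t)len;
}

/* Parse one frame. Returns bytes consumed, 0 if more input is needed,
 * or -1 if the header is invalid (unknown id or oversize length). */
long frame_decode(const uint8_t *buf, size_t avail,
                  uint8_t *id, const uint8_t **payload, uint32_t *len)
{
    if (avail < HDR_LEN) return 0;
    uint32_t n = ((uint32_t)buf[1] << 24) | ((uint32_t)buf[2] << 16) |
                 ((uint32_t)buf[3] << 8) | (uint32_t)buf[4];
    if (buf[0] > 1 || n > MAX_PAYLOAD) return -1;
    if (avail - HDR_LEN < n) return 0;   /* header seen, payload incomplete */
    *id = buf[0]; *payload = buf + HDR_LEN; *len = n;
    return (long)(HDR_LEN + n);
}

/* Route each complete frame to sinks[id]; returns bytes consumed or -1. */
long demux(const uint8_t *buf, size_t avail, struct sink sinks[2])
{
    size_t off = 0;
    for (;;) {
        uint8_t id = 0; const uint8_t *p = NULL; uint32_t n = 0;
        long r = frame_decode(buf + off, avail - off, &id, &p, &n);
        if (r <= 0) return r < 0 ? -1 : (long)off;
        if (n > sizeof sinks[id].data - sinks[id].used) return -1;
        memcpy(sinks[id].data + sinks[id].used, p, n);
        sinks[id].used += n;
        off += (size_t)r;
    }
}
```

The caller keeps any unconsumed tail of the receive buffer and calls `demux` again once more bytes arrive; a return of -1 means the framing is out of sync and the connection should be dropped.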
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]