On Fri, Jul 21, 2006 at 03:55:09PM +0200, Frederic Renault wrote:
> First i want to thank you both for your quick answers.
>
> It's quite hard to change the design as its an old
> application which must be upgraded to SSL.
>
> Maybe what i've said was not clear enough.
> In fact, i don't want two processes to be able to
> communicate on the socket at the same time.
>
> I just would like the process which has accepted the
> connection to give the SSL object to a second process.
> Then the first process doesn't need the SSL object
> anymore.
>
This is not possible (with fork/exec) unless the first process is willing
to stick around and act as SSL<->cleartext proxy for the second process
forwarding data back and forth via a pipe. There is no API for moving
live OpenSSL sessions out of one address space and into another. The best
one can do is shutdown the connection save the session state, and then
resume the session saving the overhead of a from-scratch RSA handshake.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
