On Sat, Jul 22, 2006 at 12:46:35AM +0200, Marek Marcola wrote:
> parent accept() and SSL_accept() then fork(), parent
> SSL_free() and close() and child to some work.
What work would that be? It should not be possible for the child
process to splice itself into the middle of an SSL session without
the required cryptographic state...
> Of course SSL_accept() may be done in child too
> so parent only close() after accept().
Sure, so long as the parent does not initiate the TLS handshake
and it is done completely in the child.
> If this processes are already created then "main"
> process may give accept()'ed file descriptor
> to "worker" for SSL_accept() by unix socket
> for example.
This again works, because the parent does not participate the in
the SSL handshake. It would be extremely useful to serialize and
the deserialize the state of an SSL session, but this is not simple,
because of BIO buffering and the need to serialize the internal
state of ciphers, ...
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
