The receiver state and the sender state are different.  So, in theory,
this could work... though it'd be difficult with the way that OpenSSL
handles renegotiation.

I wouldn't recommend it, though.  The way I'd do it is hand off the
SSL session entirely to the child.  (Then, the parent could close the
socket, and since the client still has it, it would stay open.)

I remember one design that we had to retrofit SSL into where the
parent process forked, sharing the open handles with the child, which
then wrote out to all of them when the child's work was finished.
Needless to say, this dropped all the connections that used SSL when
it happened.

Another possibility is if you have the SSL object in shared memory,
surrounded by a mutex.  I advise against this as it's extremely
difficult to debug in these situations.

-Kyle H

On 10/10/06, Urjit Gokhale <[EMAIL PROTECTED]> wrote:
Hi,
> Hello,
> > For the moment, I have a kind of supervisor which
> > accepts a connection, reads some data on the socket and
> > then starts the process which is able to handle this
> > data (using createprocess/execv). The socket's
> > handle is shared with this process and therefore the
> > process is able to exchange data with the client.
> >
> >
> > Now I want my application to use SSL_V3. But it looks
> > like there is a problem, as it seems there is no way
> > to share an SSL session between different processes.
> >
> > I really hope that there is a way to do it. And I
> > would be very happy if someone can help me.
> You cannot share an ssl3/tls1 session by using an SSL
> object in two different processes.
> For example, one process establishes an ssl session, then
> fork()s, and the two processes use the SSL object for reading
> and writing.
> SSL objects have information on the current read/write
> MAC which must be properly updated.
>
> But (I may guess) reading in one process and writing
> in the second may succeed because read/write MAC secrets
> and implied sequences are counted individually.
So are you suggesting that it is possible to
share an ssl3 session between two processes, provided one
process reads and the other writes? If yes, could you suggest
a way to share the session?
What if I have a shared memory region that the two processes
use to communicate? Could this be used in some way to share
the session? Would copying the SSL object to shared memory
and then using this object in the two processes work (provided
the access to the object is protected by mutexes)?
Is it possible to create an SSL object in the shared memory region
itself, so that we need not 'copy' the object?

I would highly appreciate it if you or anyone could guide me through these
questions.

Thank you,
~ Urjit

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
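
The point discussed in this thread, that each direction of an SSL connection keeps its own MAC secret and implicit record counter, can be modelled in a few lines. This is an added example, not code from the thread or from OpenSSL: the `Direction` class, the secrets and the messages are constructed, HMAC-SHA256 stands in for the SSLv3 record MAC, `copy.deepcopy` models the private copy of the state each process has after a fork, and encryption and renegotiation are left out.

```python
import copy, hashlib, hmac, struct

class Direction:
    """One direction of a record layer: MAC secret plus an implicit record counter."""
    def __init__(self, secret):
        self.secret, self.seq = secret, 0

    def _mac(self, data):
        # The counter is never sent on the wire; each end counts records itself.
        msg = struct.pack(">Q", self.seq) + data
        return hmac.new(self.secret, msg, hashlib.sha256).digest()

    def seal(self, data):
        record = data + self._mac(data)
        self.seq += 1
        return record

    def open(self, record):
        data, tag = record[:-32], record[-32:]
        if not hmac.compare_digest(tag, self._mac(data)):
            raise ValueError("bad record MAC")
        self.seq += 1
        return data

def both_processes_write():
    """Parent and child both write through their own copy of the write state."""
    peer, parent = Direction(b"constructed-s2c"), Direction(b"constructed-s2c")
    peer.open(parent.seal(b"before fork"))      # counters: 1 and 1
    child = copy.deepcopy(parent)               # models fork(): private copy
    peer.open(child.seal(b"from child"))        # child used 1, peer now expects 2
    try:
        peer.open(parent.seal(b"from parent"))  # parent still uses 1
    except ValueError as exc:
        return str(exc)
    return "accepted"

def split_read_write():
    """After the fork one process only writes and the other only reads."""
    client_tx, client_rx = Direction(b"constructed-c2s"), Direction(b"constructed-s2c")
    server_rx, server_tx = Direction(b"constructed-c2s"), Direction(b"constructed-s2c")
    writer_tx = copy.deepcopy(server_tx)        # writer process's copy
    reader_rx = copy.deepcopy(server_rx)        # reader process's copy
    seen = []
    for i in range(3):
        seen.append(client_rx.open(writer_tx.seal(b"reply %d" % i)))
        seen.append(reader_rx.open(client_tx.seal(b"request %d" % i)))
    return seen
```

In the first function the peer rejects the parent's record because its counter has moved on; in the second each counter advances in exactly one process, so every record verifies.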