On 10 May 2011, at 4:13 PM, David Schwartz wrote:
> On 5/10/2011 2:10 AM, John Hollingum wrote:
>> Pretty much immediately after the accept the program forks a handler,
>> but the rogue clients must be glomming onto the main process before the
>> SSL negotiation is complete.
>
> Calling 'fork' with an accepted SSL connection has all kinds of known issues.
> The fundamental problem is that there are many operations that must occur
> both before and after the 'fork', for different reasons, and obviously can't
> do both.

You could accept just the TCP connection in the main process and do all of the SSL handshake in the forked process (I think IO::Socket::SSL->start_SSL() is what you want for that) --- this would not be a high-performance approach (no SSL session cache, fork overhead) but if it's fast enough it's fast enough.

It's possible to use openssl in a non-blocking, event-driven manner but I don't think Perl's SSL modules expose enough of the openssl API to do that.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org