Russell Davies wrote:
> yes, I thought about that, although I've had problems doing that in the
> past. Specifically, the remote ends seems to want to close the
> connection quite often,
Hey coincidence I was just asking about this the other day, if you write a
ucspi compliant tcpserver-style daemon you may want to check out stunnel[1]
for a source of ideas about how to handle the crypto side of things. One
of the advantages stunnel has when its run in daemon mode (as opposed to
being run out of inetd or tcpserver[2]) is that it has session caching.
Actually it might even be easier to just convince the stunnel folks to add
UCSPI compliance, especially if you tempted them with patches.
[1] http://www.stunnel.org/
[2] which I still haven't gotten to work because I've been side tracked
with other things, but I'll try to get back to it soon and post a
summary
--
Jamie Heilman http://wcug.wwu.edu/~jamie/
"Most people wouldn't know music if it came up and bit them on the ass."
-Frank Zappa
