Joshua Kramer wrote:
If you have separate listening connections which are either wholly SSL
or wholly not, it makes more sense (to my mind) to keep the
implementations separate (but possible to use inheritance if that makes
sense) and to have a new SSL specific Acceptor to be the factory for the
new SSL connections.
Can you describe, a bit more, the structure of the Acceptor? It
appears (from the file TCPIOPlugin.cpp, line 72) that the Acceptor
starts listening before we tell it what port we want it to listen on.
(It actually appears that there is no 'Acceptor' that runs as itself -
the Acceptor class is used to derive the AsynchIOAcceptor.)
Where do we set config information, or at least pass it on to the
Acceptor and/or Socket objects? This is important, because for an SSL
acceptor, we need to set and get:
-Permitted and preferred Cipher Algorithms
-Do we ask for client certificate?
-Do we require client certificate?
-Location of key and certificate databases
-One of US, French, or International nationality settings
-Callback functions to get passwords for certificates
-Port
-Host
So far, I've added SSLAcceptor, SSLAsynchIO, and SSLSocket classes.
Soon after I have answers to the above I should have some code for you
to review.
Thanks,
-Josh
Josh,
I think Andrew will be on-line again tomorrow. He has been doing some
work in this area, so probably best if he comments. If he does not reply
by COB tomorrow I will give you my thoughts on the questions.
Carl.