Hi! I just met s6-networking and am wondering whether it might suit some
of my needs. I see UCSPI tools analogous to those in ucspi-tcp and
ucspi-ssl, except more composable. That's why I'm here :-)
Way back in the day, Scott Gifford and Charlie Brady designed an
UCSPI-TLS interface for "delayed encryption" of services that start
unencrypted -- for instance, an SMTP client and server negotiating
STARTTLS. Here's an introduction (or maybe reminder):
https://web.archive.org/web/20150311220932/http://www.suspectclass.com/sgifford/ucspi-tls/ucspi-tls-qmail-howto.html
I think it's a lovely interface. My own TLS and AUTH implementation for
unpatched qmail-smtpd, qmail-pop3d, and ofmipd
(https://schmonz.com/qmail/acceptutils) relies on it. At present, the
only ready-to-run UCSPI-TLS implementation I'm aware of is Erwin
Hoffmann's ucspi-ssl fork, which includes the "sslserver -n" portion of
the original implementation but not yet the corresponding "sslclient
-y".
If my code -- and perhaps notqmail's
(https://github.com/notqmail/notqmail/wiki/Designs) -- could run equally
well under s6-networking, that would be really cool. Could UCSPI-TLS be
made to fit nicely into s6-networking's design? If so, would you be
willing to consider implementing it?
For reference, here's what I believe is the latest version of Gifford
and Brady's code, including both client and server implementations for
William Baxter's ucspi-ssl:
https://github.com/SuperScript/ucspi-ssl/compare/master...scottgifford:master
Thanks,
- Amitai
- UCSPI-TLS for s6-networking? Amitai Schleier
-
