From nmav at gnutls.org Thu Aug 15 06:01:02 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu Aug 15 06:01:02 2002
Subject: [Help-gnutls] passing SSL connection to another process
In-Reply-To: <20020730183940.C22431@irccrew.org>
References: <20020730183940.C22431@irccrew.org>
Message-ID: <20020815093615.GC703@gnutls.org>

On Tue, Jul 30, 2002 at 06:39:40PM +0300, Timo Sirainen wrote:
> My server is made of two processes, one handling the login and another
> handling the actual connection after that, using unix socket to pass the fd
> to the other process.
> But now that I'm beginning to implement SSL/TLS support for it, it's
> beginning to look a bit difficult.. Is there some way I could save the
> gnutls state and transfer it to another process with the fd? Or some other
> hopefully not too kludgy way to do it?

Unless the other processes are fork()ed, you cannot transfer the gnutls
state to other processes.

> Of course, I'll anyway support doing this through SSL proxy process which
> itself connects to the actual server process with unix sockets, but that
> means extra processes..

I think that separating the connection layer process from the
authentication process is cleaner. That way the authentication process
does not send to the socket itself, but sends the packets to the
connection layer process (using IPC or something).

> Another thing that isn't quite clear from the documentation is how to use
> gnutls with nonblocking I/O. All functions returning GNUTLS_E_AGAIN should
> be called again, but I'd also need to know if it happened on read or write,
> so I could call it again at proper time. I think this is a problem only with
> gnutls_handshake()?

I don't understand the question.

--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org


From tss at iki.fi Thu Aug 15 06:45:01 2002
From: tss at iki.fi (Timo Sirainen)
Date: Thu Aug 15 06:45:01 2002
Subject: [Help-gnutls] passing SSL connection to another process
In-Reply-To: <20020815093615.GC703@gnutls.org>
References: <20020730183940.C22431@irccrew.org> <20020815093615.GC703@gnutls.org>
Message-ID: <20020815104423.GH4045@irccrew.org>

On Thu, Aug 15, 2002 at 12:36:15PM +0300, Nikos Mavroyanopoulos wrote:
> > Another thing that isn't quite clear from the documentation is how to use
> > gnutls with nonblocking I/O. All functions returning GNUTLS_E_AGAIN should
> > be called again, but I'd also need to know if it happened on read or write,
> > so I could call it again at proper time. I think this is a problem only with
> > gnutls_handshake()?
>
> I don't understand the question.

Basically: How do I create a poll() based process handling multiple SSL
connections?

If I've understood everything right, there are 3 functions that may block
if the socket is in blocking mode: gnutls_record_recv(),
gnutls_record_send() and gnutls_handshake().

With nonblocking sockets, if gnutls_record_recv() doesn't read a full
packet, GNUTLS_E_AGAIN is returned. So I know it wants more data, and I
call it again once poll() says there's more data. The same goes for
gnutls_record_send().

But what about gnutls_handshake(), AFAIK it both receives data and sends
data. How should I know when to call it again? I'd want something similar
to gnutls_record_check_pending() to tell me if handshake waits on input or
output.


From nmav at gnutls.org Thu Aug 15 17:52:11 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Thu Aug 15 17:52:11 2002
Subject: [Help-gnutls] passing SSL connection to another process
In-Reply-To: <20020815104423.GH4045@irccrew.org>
References: <20020730183940.C22431@irccrew.org> <20020815093615.GC703@gnutls.org> <20020815104423.GH4045@irccrew.org>
Message-ID: <20020815214543.GB906@gnutls.org>

On Thu, Aug 15, 2002 at 01:44:23PM +0300, Timo Sirainen wrote:
> > > Another thing that isn't quite clear from the documentation is how to use
> > > gnutls with nonblocking I/O. All functions returning GNUTLS_E_AGAIN should
> > > be called again, but I'd also need to know if it happened on read or write,
> > > so I could call it again at proper time. I think this is a problem only with
> > > gnutls_handshake()?
> > I don't understand the question.
> Basically: How do I create a poll() based process handling multiple SSL
> connections?
[...]
> But what about gnutls_handshake(), AFAIK it both receives data and sends
> data. How should I know when to call it again? I'd want something similar
> to gnutls_record_check_pending() to tell me if handshake waits on input or
> output.

Could you please check the gnutls_handshake_check_direction() function
in the cvs?

--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org


From tss at iki.fi Tue Aug 27 19:15:36 2002
From: tss at iki.fi (Timo Sirainen)
Date: Tue Aug 27 19:15:36 2002
Subject: [Help-gnutls] Finishing gnutls_record_send()
Message-ID: <20020827231449.GT7103@irccrew.org>

Now that the nonblocking handshake seems to work, there's only one small
problem left.

How about adding gnutls_record_send_continue() or gnutls_record_flush() or
something similar, which continues sending data from previous unfinished
gnutls_record_send()? I can call gnutls_record_send() again too, but it's
just that it wants the data-parameter again, even while it does nothing
with it since it's already copied into internal buffers.

So I've currently kludged it by giving (void *) 1 as data since NULL isn't
allowed. I'd really like to get rid of this kludge :)


From nmav at gnutls.org Wed Aug 28 11:46:07 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Wed Aug 28 11:46:07 2002
Subject: [Help-gnutls] Finishing gnutls_record_send()
In-Reply-To: <20020827231449.GT7103@irccrew.org>
References: <20020827231449.GT7103@irccrew.org>
Message-ID: <20020828153938.GA32043@gnutls.org>

On Wed, Aug 28, 2002 at 02:14:49AM +0300, Timo Sirainen wrote:
> Now that the nonblocking handshake seems to work, there's only one small
> problem left.
> How about adding gnutls_record_send_continue() or gnutls_record_flush() or
> something similar, which continues sending data from previous unfinished
> gnutls_record_send()?

The NULL pointer is now allowed if the previous call was interrupted.

--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org


From tss at iki.fi Thu Aug 29 13:52:12 2002
From: tss at iki.fi (Timo Sirainen)
Date: Thu Aug 29 13:52:12 2002
Subject: [Help-gnutls] x509 certificate + private key in same PEM file
Message-ID: <20020829175025.GA7103@irccrew.org>

How about adding support for it?


From nmav at gnutls.org Sat Aug 31 05:02:04 2002
From: nmav at gnutls.org (Nikos Mavroyanopoulos)
Date: Sat Aug 31 05:02:04 2002
Subject: [Help-gnutls] x509 certificate + private key in same PEM file
In-Reply-To: <20020829175025.GA7103@irccrew.org>
References: <20020829175025.GA7103@irccrew.org>
Message-ID: <20020831084929.GB721@gnutls.org>

On Thu, Aug 29, 2002 at 08:50:25PM +0300, Timo Sirainen wrote:
> How about adding support for it?

Just added in the cvs.

--
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org
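The poll()-driven handshake loop the thread converges on (retry on GNUTLS_E_AGAIN, ask the library which direction it is waiting on, register POLLIN or POLLOUT accordingly), written as an added example that is neither the thread's nor GnuTLS's own code. It assumes a stand-in `tls_ops` table so it runs without GnuTLS: in real code `handshake` is gnutls_handshake() and `direction` is the direction query (gnutls_handshake_check_direction() in the 2002 cvs, gnutls_record_get_direction() in current releases, both returning 0 for read and 1 for write); the error-code values and the scripted fake session are constructed for the example.

```c
#include <poll.h>
#include <stddef.h>

/* Stand-in codes; production code uses the constants from gnutls.h. */
#define TLS_E_AGAIN       (-28)
#define TLS_E_INTERRUPTED (-52)
#define TLS_DIR_READ  0   /* direction 0: waiting for input  */
#define TLS_DIR_WRITE 1   /* direction 1: waiting for output */

/* Indirection so the driver can be exercised with a fake session. */
struct tls_ops {
    int (*handshake)(void *session);   /* gnutls_handshake() in real code */
    int (*direction)(void *session);   /* gnutls_record_get_direction()   */
};

enum hs_state { HS_DONE = 0, HS_WAIT = 1, HS_FAILED = -1 };

/* One step of a nonblocking handshake. On HS_WAIT, *events holds the
 * POLLIN/POLLOUT flag to put in struct pollfd.events before calling poll();
 * the same logic resumes an interrupted gnutls_record_send(). */
enum hs_state handshake_step(const struct tls_ops *ops, void *session, short *events)
{
    for (;;) {
        int rc = ops->handshake(session);
        if (rc == 0) return HS_DONE;
        if (rc == TLS_E_INTERRUPTED) continue;   /* signal: retry at once */
        if (rc != TLS_E_AGAIN) return HS_FAILED; /* fatal alert or I/O error */
        *events = (ops->direction(session) == TLS_DIR_WRITE) ? POLLOUT : POLLIN;
        return HS_WAIT;
    }
}

/* Constructed fake session: a scripted sequence of (rc, direction) pairs. */
struct fake_session { const int *rcs; const int *dirs; int pos; };
static int fake_handshake(void *s) { struct fake_session *f = s; return f->rcs[f->pos++]; }
static int fake_direction(void *s) { struct fake_session *f = s; return f->dirs[f->pos - 1]; }

/* Drives the fake handshake to completion, recording each poll() wait that a
 * real event loop would perform; returns the number of waits or -1 on failure. */
int run_fake_handshake(short *waits, int max_waits)
{
    static const int rcs[]  = { TLS_E_AGAIN, TLS_E_INTERRUPTED, TLS_E_AGAIN, 0 };
    static const int dirs[] = { TLS_DIR_READ, 0, TLS_DIR_WRITE, 0 };
    struct fake_session fs = { rcs, dirs, 0 };
    struct tls_ops ops = { fake_handshake, fake_direction };
    int n = 0;
    for (;;) {
        short ev = 0;
        enum hs_state st = handshake_step(&ops, &fs, &ev);
        if (st == HS_DONE) return n;
        if (st == HS_FAILED || n == max_waits) return -1;
        waits[n++] = ev;   /* real loop: poll() on the socket with these events */
    }
}
```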