[Help-gnutls] passing SSL connection to another process

Nikos Mavroyanopoulos nmav at gnutls.org
Thu Aug 15 06:01:02 CEST 2002


On Tue, Jul 30, 2002 at 06:39:40PM +0300, Timo Sirainen wrote:

> My server is made of two processes, one handling the login and another
> handling the actual connection after that, using unix socket to pass the fd
> to the other process.
> But now that I'm beginning to implement SSL/TLS support for it, it's
> beginning to look a bit difficult.. Is there some way I could save the
> gnutls state and transfer it to another process with the fd? Or some other
> hopefully not too kludgy way to do it?

Unless the other processes are fork()ed, you cannot transfer
the gnutls state to other processes. 

> Of course, I'll anyway support doing this through SSL proxy process which
> itself connects to the actual server process with unix sockets, but that
> means extra processes..

I think that separating the connection layer process from the
authentication process is cleaner. That way the authentication
process does not send to the socket itself, but sends the packets
to the connection layer process (using IPC or something).

> Another thing that isn't quite clear from the documentation is how to use
> gnutls with nonblocking I/O. All functions returning GNUTLS_E_AGAIN should
> be called again, but I'd also need to know if it happened on read or write,
> so I could call it again at proper time. I think this is a problem only with
> gnutls_handshake()?

I don't understand the question.

-- 
Nikos Mavroyanopoulos
mailto:nmav at gnutls.org




