[Help-gnutls] Re: Restore gnutls session after execvp - possible?

Matthias Urlichs smurf at smurf.noris.de
Sun Dec 11 21:54:59 CET 2005


Simon Josefsson:
> How do you achieve that?  I thought you had to close sockets and
> re-open them in a new process.
If you have an open file descriptor, you can choose whether it is
automagically closed when you execve() something. (fcntl, close-on-exec

> I don't know how to achieve what you want in GnuTLS, but I don't know
> how to achieve what you already do either (exec another process and
> inherit the open socket) so I may likely be missing something.
> Perhaps others know more.
The basic idea is to save the internal gnutls data structure in such a
way that you only need to plug in the file descriptor and everything is
back where it was.

Personally I'd say that

> >  - global:
> >  
> >     gnutls_certificate_free_credentials (gnutls_xcred);
> >     gnutls_global_deinit();
> >
Why are you doing that? You're execvp-ing a new process, the data
structures will vanish anyway -- and you risk closing the sockets when you
do this.

> >     if (gnutls_handshake (server->gnutls_sess) < 0)
> >         printf ("handshake failed\n");
> >
Does that call work when you use it *before* doing your
save-execvp-restore dance?

Matthias Urlichs   |   {M:U} IT Design @ m-u-it.de   |  smurf at smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
 - -
You can have whiskey as your friend. You can have a dog as your friend. But
if you have a woman as your friend, you're going to wind up drunk and kissing
your dog.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: </pipermail/attachments/20051211/b5c60561/attachment.pgp>

More information about the Gnutls-help mailing list