[Help-gnutls] Re: Restore gnutls session after execvp - possible?

FlashCode flashcode at flashtux.org
Sun Dec 11 23:33:30 CET 2005 

On Sun, Dec 11, 2005 at 10:46:15PM +0100, Simon Josefsson wrote:
> Matthias Urlichs <smurf at smurf.noris.de> writes:
> 
> > Hi,
> >
> > Simon Josefsson:
> >> How do you achieve that?  I thought you had to close sockets and
> >> re-open them in a new process.
> >> 
> > If you have an open file descriptor, you can choose whether it is
> > automagically closed when you execve() something. (fcntl, close-on-exec
> > flag)
> 
> Oh.  I see.  Thanks for the pointer.
> 
> >> I don't know how to achieve what you want in GnuTLS, but I don't know
> >> how to achieve what you already do either (exec another process and
> >> inherit the open socket) so I may likely be missing something.
> >> Perhaps others know more.
> >> 
> > The basic idea is to save the internal gnutls data structure in such a
> > way that you only need to plug in the file descriptor and everything is
> > back where it was.
> 
> Right.  I don't think this is possible.
> 
> The resume data that is stored is not intended for this use.  It is
> intended where you create a new connection and want to re-use earlier
> TLS handshakes to optimize things.
> 
> It _may_ be possible to use the resume stuff for this purpose, most of
> the useful data items are present.  I think it require a new API.
> E.g., gnutls_resume_connect that accept the resume data.
> 
> Further, I'm not sure I understand _why_ this is done.  Perhaps if you
> describe why you want to execvpe and carry over the TLS-protected
> socket to the new process, we can suggest better solutions.
> 
> Still, if someone want to make this work, I'd welcome any patches.
> 

Hi Matthias and Simon,

I tried without:
  gnutls_certificate_free_credentials (gnutls_xcred);                                                                        
  gnutls_global_deinit(); 
same result..

My goal is to be able to launch new version of IRC client, without
disconnecting from IRC server, so use same socket and gnutls
environment.
Today I forbid any upgrade when gnutls is used, since it seems not
possible to do such re-connection by resuming gnutls data.
If this is possible in the future, feel free to tell me.

Thank you.

-- 
Cordialement / Best regards
Sebastien.

Web: http://www.flashtux.org - email: flashcode at flashtux.org
IRC: FlashCode at irc.freenode.net - Jabber: flashcode at jabber.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: </pipermail/attachments/20051211/274da199/attachment.pgp>

More information about the Gnutls-help mailing list