scottgifford

These patches contain:

  • Delayed SSL support in sslserver and sslclient (-y option)
  • Support for a privilege separated SSL process in sslserver with optional chroot and setting uid and gid
  • Small fixes to SSL error handling
  • Add option to just close the connection after requesting SSL shutdown (-j, the default) instead of waiting for the other side to acknowledge our shutdown (-J, the old behavior). This fixes hangs with some servers.

Scott Gifford added 7 commits September 3, 2011 22:37
  * Privilege separation in sslserver
  * Support for chroot(2) in sslserver
  * Support for changing UID and GID in sslserver
  * Support for delayed TLS in sslserver using the ucspi-tls protocol.  See http://www.suspectclass.com/sgifford/ucspi-tls/
  * Add delayed TLS support with ucspi-tls to sslclient (sponsored by Meixler Technologies, Inc.)
  * Refactor and improve ucspi-tls code
  * Add sample client code in ucspitls.[ch]
  * Add ucspi-ssl test program
…f just the timeout.

  * Implement new -j/-J switch to activate "just_shutdown" option in ssl_io.  This option causes the SSL connection to be shut down before the SSL protocol has been fully shut down.  This is allowed by the specs, and seems to improve compatibility, and so is the default.
  * Document added options in documentation.